Job Description
Role Overview

As a leader at FinBox, you will be responsible for managing regulatory compliance, InfoSec audits, risk governance, privacy implementation, and third-party due diligence across India, Vietnam, and the Philippines.

Key Responsibilities

- Audit Ownership & Execution
  - Plan, coordinate, and execute 15+ internal and external audits annually, including ISO, SOC 2, client audits, and Specified User reviews.
  - Own audit lifecycle management from kickoff to closure, ensuring evidence readiness and zero non-conformities.
- Risk Governance & Framework Design
  - Establish and maintain risk registers, compliance control libraries, and issue remediation trackers.
  - Conduct periodic governance reviews in collaboration with the CISO and cross-functional teams to address gaps and improve maturity.
- Cross-functional Legal Collaboration
  - Partner with the Legal team on regulatory submissions, data sharing agreements, privacy clauses, outsourcing documentation, and customer/vendor contract reviews.
  - Act as a compliance advisor in cross-functional engagements involving product, partnerships, and legal risk.
- Due Diligence & Partner Compliance
  - Lead regulatory due diligence for onboarding and periodic reviews of fintechs, NBFCs, and CICs.
  - Define go/no-go criteria based on financial, technical, and regulatory risks.
  - Provide documentation support during client assessments.
- Privacy & Data Protection Compliance
  - Implement privacy-by-design principles across systems and workflows.
  - Lead DPDP readiness, including data mapping, consent management, and deletion SOPs.
  - Ensure compliance across India, Vietnam, and the Philippines.
- Vendor Risk & Third-party Oversight
  - Manage the end-to-end lifecycle of vendor risk assessments.
  - Define onboarding checklists, review DR/BCP capabilities, monitor SLAs, and coordinate with InfoSec, Legal, and Tech for control implementation and ongoing monitoring.
- Mentoring & Engagement Support
  - Act as a mentor to team members by guiding them through live compliance engagements, audits, and documentation processes.
  - Share subject matter insights, review outputs, and support their learning journey through contextual feedback and scenario-based coaching.
- Documentation & Audit Trail Management
  - Maintain structured repositories of all compliance policies, trackers, audit findings, evidence logs, and issue closures in Google Drive, Confluence, and Sprinto.
  - Ensure accuracy, version control, and easy retrievability.
- Strategic Reporting & Compliance Insights
  - Regularly update the CISO and senior leadership on compliance posture, audit outcomes, risk trends, and regulatory changes.
  - Contribute to board-level reports, Specified User submissions, and strategic risk planning.