Associate Compliance Manager
Quick Summary
About the Team
Meesho's Security & Compliance team safeguards a platform that 5% of Indian households shop with - millions of orders, billions of data points, zero downtime as a baseline.
About the Role
This is a hands-on individual contributor role for someone who wants to drive - not just oversee - a multi-framework compliance program. You'll be the DRI for ISO 27001:2022 and SOC 2 Type II, run end-to-end ITGC and TPRM cycles, and help operationalise India's DPDP Rules 2025 across a product organisation that processes data at meaningful scale. You'll work directly with Engineering, IT, Legal, Product, and external auditors.
Own the certification and surveillance cycle for ISO 27001:2022 and SOC 2 Type II; act as the single point of contact for external auditors.
Plan and execute readiness assessments, gap closure, evidence collection, control walkthroughs, and management responses.
Maintain audit calendars, evidence repositories, and bridge letters between audit windows.
Drive PCI DSS v4.0.1 scope-reduction and assessment activities for in-scope environments.
Maintain Meesho's ISMS aligned to ISO 27001:2022 - all 93 Annex A controls mapped across Organizational, People, Physical and Technological themes, with named owners and live evidence.
Author, review, version-control and socialise security policies, standards, and procedures.
Map controls across frameworks: ISO 27001:2022, SOC 2 TSC, PCI DSS v4.0.1, NIST CSF 2.0, CIS Controls v8, DPDP.
Design, test and continuously improve IT General Controls: access management, change management, IT operations, and SDLC.
Plan and execute internal audits; track findings to closure with engineering and IT.
Build and maintain the enterprise risk register; run RCSA, define KRIs, drive risk treatment plans and residual-risk acceptance with leadership.
Run the full vendor lifecycle: intake → tiering → security due diligence (SIG / CAIQ / SOC 2 / ISO reviews) → contractual controls → continuous monitoring → offboarding.
Partner with Legal and Procurement to embed security clauses in MSAs, DPAs, and sub-processor agreements.
Conduct on-site / virtual vendor audits for tier-1 vendors and report to the security council.
Operationalise the DPDP Act 2023 + DPDP Rules 2025 across the business: DPIAs, consent and notice flows, data-principal rights, 72-hour breach notification, and Records of Processing Activity.
Prepare Meesho for likely Significant Data Fiduciary (SDF) obligations: independent data-auditor coordination, DPO interfacing, algorithmic transparency, and children's-data safeguards.
Track IT Act, CERT-In directions, and sector-specific guidelines as relevant.
Maintain BCP and DR aligned to ISO 22301 - BIAs, RTO/RPO definitions, and annual DR / failover testing.
Run organisation-wide security and privacy awareness: onboarding, refreshers, phishing simulations, and role-based modules.
Respond to seller, partner and enterprise security questionnaires; maintain the Trust Center and security collateral.
4–6 years in security compliance, IT audit, or GRC at a product company (SaaS, fintech, e-commerce, payments, consumer internet).
Hands-on experience driving ISO 27001:2022 end-to-end: gap → implementation → certification → surveillance.
Hands-on experience driving SOC 2 Type II end-to-end, including auditor management.
Strong ITGC experience: access, change, ops, and SDLC control design and testing.
Strong TPRM experience across the full vendor lifecycle.
Working knowledge of cloud (AWS and/or GCP) - shared-responsibility model, CIS benchmarks, native services for evidence (AWS Config, GCP SCC, CloudTrail, IAM Analyzer).
Demonstrated stakeholder management with Engineering, IT, Legal, Product, and external auditors.
Excellent written communication - you'll author policies, audit responses, and risk reports read by senior leadership.
Nice to Have
DPDP Act 2023 / DPDP Rules 2025 implementation experience; familiarity with GDPR or ISO 27701.
Hands-on with a GRC platform: Sprinto, Vanta, Drata, OneTrust, AuditBoard, MetricStream, ServiceNow GRC, or Archer.
ISO 22301 BCMS experience.
Exposure to RBI / SEBI / IRDAI sectoral compliance.
PCI DSS v4.0.1 experience.
ISO 27001:2022 Lead Auditor / Lead Implementer
Democratising internet commerce for everyone — Meesho (Meri Shop) started with a single idea in mind: to be an e-commerce destination for Indian consumers and to enable small businesses to succeed online.
We provide our sellers with benefits such as zero commission and affordable shipping solutions in the market. Today, sellers nationwide are growing their businesses by tapping into Meesho’s large and diverse customer base, state-of-the-art tech infrastructure, and pan-India logistics network through trusted third-party partners.
Affordable, relatable merchandise that mirrors local markets has helped us connect with internet users and serve customers across urban, semi-urban, and rural India. Our unique business model and continuous innovation have established us as a part of India’s e-commerce ecosystem.
Our focus is on cultivating a dynamic workplace characterized by high impact and performance excellence. We prioritize a people-centric culture, dedicated to hiring and developing exceptional talent.
Total rewards at Meesho comprise a comprehensive set of elements — monetary, non-monetary, tangible, and intangible. Our 9 guiding principles, or "Mantras," are the backbone of how we operate, influencing everything from recognition and evaluation to growth discussions. Daily rituals and processes like “Problem First Mindset,” “Listen or Die,” our Internal Mobility Program, Talent Reviews, and Continuous Performance Management embody these principles.
We offer competitive compensation — both cash and equity-based — tailored to job roles, individual experience, and skill, along with employee-centric benefits and a supportive work environment. Our holistic wellness program, MeeCare, includes benefits across physical, mental, financial, and social wellness. This includes extensive medical insurance for employees and their families, wellness initiatives like telehealth, wellness events, and fitness-related perks.
To support work-life balance, we offer generous leave policies, parental support, retirement benefits, and learning and development assistance. Through personalized recognition, gratitude for stretched work, and engaging activities, we promote employee delight at the workplace. Additional benefits such as salary advance support, relocation assistance, and flexible benefit plans further enrich the Meesho experience.
At Meesho, we are committed to creating an inclusive and accessible workplace where every individual can thrive. In compliance with the Rights of Persons with Disabilities Act, 2016, we uphold the following principles:
- Equal Opportunity: We ensure that employment opportunities are never denied on the grounds of disability if the candidate is otherwise competent to perform the job.
- Accessible Workplace: Our facilities are designed to be fully accessible, with amenities and assistive devices provided to support differently abled individuals in their work.
- Inclusive Hiring Process: We adopt a transparent and non-discriminatory selection process, including providing application forms in alternate formats and offering reasonable accommodations during interviews upon request.
- Career Growth: We provide adequate training post-recruitment and pre-promotion, with training materials available in accessible formats to enable equal career progression.
- Support & Confidentiality: A dedicated liaison officer/committee addresses concerns and grievances, while maintaining strict confidentiality of disability-related information.
- Awareness & Inclusion: We conduct awareness programs to promote a culture of inclusivity across the organization.
Meesho welcomes applicants and employees of all abilities and is dedicated to fostering an environment where differently abled persons can achieve their full potential.
Know more about Meesho here: https://www.meesho.io/
Listing Details
- Posted: May 25, 2026
- First seen: May 25, 2026
- Last seen: May 25, 2026
