P4 Lead - Legal Job Details | PayU Payments We use cookies to offer you the best possible website experience. Your cookie preferences will be stored in your browser’s local storage. This includes cookies necessary for the website's operation. Additionally, you can freely decide and change any time whether you accept cookies or choose to opt out of cookies to improve the website's performance, as well as cookies used to display content tailored to your interests. Your experience of the site and the services we are able to offer may be impacted if you do not accept all cookies. Modify Cookie Preferences Reject All Cookies Accept All Cookies Skip to main content Home Page
About Us Open Jobs Home Page
About Us Open Jobs Language English (United Kingdom) Candidate Login Select how often (in days) to receive an alert: Create Alert × Select how often (in days) to receive an alert: Apply now » P4 Lead - Legal
About
the Team Join PayU's Legal and privacy team and work in a dynamic intersection of privacy and fintech laws. The Legal and Compliance team at PayU plays a strategic role in enabling business growth while ensuring adherence to regulatory and legal frameworks.
About
the Role To support PayU’s growth plans in India for credit, payments and fintech opportunities, PayU is looking for a privacy legal counsel with strong background in privacy with exposure to banking, finance, technology and general corporate (and vendor contracts) related legal work together with a possible background in payments, credit and/or other financial services. We are seeking a dynamic Manager - Privacy to lead Digital Personal Data Protection Act, 2023 (“ DPDP Act ”) implementation across PayU group of companies.
The role will be to a ssist in implementation of the privacy program for PayU group of companies, embed privacy by design across products, platforms and go-to-market initiatives. Ensure compliance with Indian laws (DPDP Act, IT Act), sectoral
requirements (RBI/NPCI/PCI DSS), and applicable global standards (e.g., GDPR).
Responsibilities: Operationalize privacy controls across credit journeys: consent capture, purpose limitation, data minimization, retention/deletion, and grievance redressal. Conduct DPIAs/PIAs for lending use cases (modeling, profiling, alternative data, bureau/KYC data), and document risk treatments. Maintain end‑to‑end data flow diagrams/inventories/RoPA across systems, APIs, data lakes, and vendors. Assist in Data Principal requests/DSARs wherever necessary; implement ticketing/automation and quality checks. Lead vendor privacy due diligence, DPAs, ongoing monitoring. Coordinate with InfoSec (where necessary) on incident/breach management and table‑top exercises; support regulatory engagement and audits. Align privacy practices with RBI digital lending guidelines, outsourcing, KYC/Aadhaar/UIDAI obligations, and credit bureau codes. Partner with Data/Engineering on anonymization/pseudonymization, PETs, lineage, and role-based access. Deliver periodic training to business, collections, and operations; publish dashboards and risk metrics. Technical fluency with data architectures, APIs, logs, and data lifecycle; ability to read data flow diagrams and collaborate with engineering. Working knowledge of DPDP Act, RBI/MeitY guidance, UIDAI/Aadhaar norms, GDPR fundamentals. Hands‑on with DPIA/PIA, DSAR, vendor risk, incident response; experience with privacy tools (OneTrust/TrustArc/BigID) a plus. Strong stakeholder management across product, risk, data science, operations, and legal.
Requirements: Essential
Qualifications: 4–6 years in privacy, security, or risk within fintech/NBFC, with demonstrable exposure to digital lending/credit data. Bachelor's degree in law Excellent verbal and written communication skills in English and Hindi with professional demeanour. Preferred
Qualifications LLB/LLM IAPP certifications (CIPP/A or CIPP/E, CIPM), ISO 27001 LA/LI (desired, but not mandatory) PCI DSS exposure preferred Key Competencies: The ideal candidate will be an independent, result oriented, self-motivated individual who enjoys working in a fast paced, international, dynamic, and diverse environment. Ability to work in a highly dynamic environment and collaborate with various internal and external stakeholders. Drafting and reviewing data processing agreements, updating policies and processes, and assisting in overall implementation of the organizations data privacy framework. Work independently and liaise with business stakeholders and clients to understand and evaluate their respective data privacy & security
requirements. Provide legal and regulatory advice relating to data privacy in order to minimize financial, legal and reputational risks. This will include advise on potential products / services proposed to be launched, potential business arrangements with partners / merchants and negotiating contracts with counterparties. Handle queries and issues relating to data privacy laws / regulations. Establish template standard documents for frequently used documentation. Liaising with international consultants / advisors to advise the organization on global data protection laws and its
requirements, Assist the organization by keeping abreast of new legislation and regulatory developments that may impact the business of the organization Strong drafting and communication (both written and oral) skills in English. Efficient, punctual, responsible, transparent, reliable and accountable. What we offer? A positive, get-things-done workplace. A dynamic, constantly evolving space (change is par for the course – important you are comfortable with this). An inclusive environment that ensures we listen to a diverse range of voices when making decisions. Ability to learn cutting edge concepts and innovation in an agile start-up environment with a global scale.
About us: PayU, one of India's leading digital financial services providers with Prosus as an investor, operates businesses that are regulated by the Reserve Bank of India and offers advanced solutions to meet the digital payment and digital lending
requirements of the Indian market. PayU India companies aim to create a full-stack digital financial services platform to serve all (tapped and untapped) financial needs of customers through technology solutions. PayU Finance India Private Limited, is a non-deposit taking systemically important non-banking financial company registered with the Reserve Bank of India(“RBI”) vide certificate of registration (CoR) number 13.00127 dated 21 February 2019. PayU Finance is engaged inter alia in the business of providing products, enterprise lending and specific lending, apart from providing certain technology related services, financial services, or a combination of both. Our Commitment to Building a Diverse and Inclusive Workforce As a global and multi-cultural organization with varied ethnicities thriving across locations, we realize that our responsibility towards fulfilling the D&I commitment is huge. Therefore, we continuously strive to create a diverse, inclusive, and safe environment, for all our people, communities, and customers. Our leaders are committed to create an inclusive work culture which enables transparency, flexibility, and unbiased attention to every PayUneer so they can succeed, irrespective of gender, color, or personal faith. An environment where every person feels they belong, that they are listened to, and where they are empowered to speak up. At PayU we have zero tolerance towards any form of prejudice whether a specific race, ethnicity, or of persons with disabilities, or the LGBTQ communities. Apply now » Find similar jobs: . Copyright 2025 PayU. All rights reserved / Privacy / Terms of use × Cookie Consent Manager When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. Required Cookies These cookies are required to use this website and can't be turned off. Show More Details Required Cookies Provider Description Enabled SAP as service provider We use the following session cookies, which are all required to enable the website to function: "route" is used for session stickiness "careerSiteCompanyId" is used to send the request to the correct data centre "JSESSIONID" is placed on the visitor's device during the session so the server can identify the visitor "Load balancer cookie" (actual cookie name may vary) prevents a visitor from bouncing from one instance to another Confirm My Choices Reject All Cookies Accept All Cookies
