About Fam (previously FamPay)
Fam is India’s first payments app for everyone above 11. FamApp helps make online and offline payments through UPI and FamCard. We are on a mission to raise a new, financially aware generation, and drive 250 million+ young users in India to kickstart their financial journey super early in their life.
We’re reimagining how the next generation experiences fintech—going beyond payments to build a lifestyle brand that blends money, identity, and everyday experiences into one seamless, intuitive journey.
Founded in 2019 by IIT Roorkee alumni, Fam is backed by some of the most respected investors around the world like Elevation Capital, Y-Combinator, Peak XV (Sequoia Capital) India, Venture Highway, Global Founder’s Capital and the likes of Kunal Shah, Amrish Rao as angel investors.
About this Role:
We're looking for a Lead Compliance to build and own Fam's tech, product, and infosec compliance function from the ground up. This is a 0→1 role — you'll define the framework, manage regulatory obligations end-to-end, and make sure compliance is a competitive advantage, not a bottleneck. This role sits at the intersection of product, engineering, and regulation, and demands someone who can translate a dense RBI circular into a product decision. You'll be working directly with leadership to make Fam the most trusted fintech platform for India's next generation.
On the Job
Own RBI Tech Compliance End-to-End: Be the single owner for all RBI-mandated tech and product compliance obligations — IS Audit coordination, CERT-In incident reporting, circular tracking, and regulatory correspondence on tech matters
Product Compliance Partnership: Work closely with Product and Engineering during the design and launch of new features to flag regulatory risks early — data collection practices, consent flows, KYC/AML product requirements, and minor-specific compliance needs (FamPay's core user base)
Infosec Governance: Define and maintain the information security policy framework, conduct or commission periodic risk assessments, manage vulnerability disclosure processes, and ensure security controls meet regulatory and internal standards — coordinate with the engineering team rather than operate as a practitioner
Audit Readiness & Management: Prepare the organization for internal and external audits (IS Audit, RBI reviews, PCI-DSS assessments) — run pre-audit readiness checks, manage auditor interactions, and drive closure of observations
Incident & Breach Response (Compliance Lens): Lead the compliance response to security incidents — CERT-In breach notifications, RBI reporting timelines, internal escalation protocols, and post-incident documentation
Third-Party & Vendor Compliance: Build and run a vendor risk assessment process; ensure tech partners, cloud providers, and data processors meet FamPay's compliance and regulatory requirements
Regulatory Tracking & Advisory: Monitor RBI, NPCI, MeitY, and DPDPA-related regulatory developments; translate new circulars/guidelines into actionable requirements for Product, Engineering, and the broader team with minimal lag
Security Awareness & Compliance Culture: Drive a compliance-aware culture — conduct periodic training for internal teams, manage compliance acknowledgements, and ensure teams understand obligations without it being a blocker to velocity
Must-haves (Min. qualifications)
7–10 years of overall experience in tech/IT compliance, regulatory compliance, or information security — with at least 4–5 years specifically in a fintech, payments company, or banking/NBFC environment
Hands-on familiarity with RBI's tech and product regulations — including Master Directions on PPIs, UPI operational guidelines, CERT-In compliance requirements, and the RBI IS Audit framework
Experience managing or preparing for regulatory audits (IS Audits, CERT-In audits, RBI thematic reviews) end-to-end — from gap assessments to closure of findings
Working knowledge of India's data protection landscape — DPDP Act 2023, data localization requirements, and consent framework design for digital products
Familiarity with PCI-DSS standards, especially as they apply to payment product infrastructure
Strong grasp of cloud security concepts (particularly AWS) sufficient to evaluate architecture decisions, review security controls, and engage meaningfully with engineering teams — does not need to be a hands-on practitioner
Bachelor's degree in Computer Science, Information Security, Law (Tech), or a related field
Experience drafting, implementing, and maintaining security & compliance policies, SOPs, and internal control frameworks
Good to have
Prior exposure to product compliance — app store policies (Google/Apple), age-gating/minor-specific consent flows, consumer protection guidelines (RBI's Customer Protection Circular)
Experience working with third-party risk management — onboarding due diligence, vendor security assessments, and contractual compliance requirements for technology partners
Relevant certifications: CISA, CISSP, ISO 27001 Lead Auditor/Implementer, or AWS Security – Specialty — these are strongly preferred signals
Familiarity with SEBI or IRDAI tech regulations (useful if FamPay expands into investment or insurance products)
Prior work at an early-to-mid stage fintech where compliance infrastructure had to be built, not just inherited — people who've written the first policy doc from scratch tend to thrive here
Why join us?
- Work in a lean, high-ownership team where your work is visible and impactful
- Take end-to-end ownership of compliance and infosec
- Shape the trust, security & compliance function at one of India's most recognised fintech brands
- Grow as a leader in tech & product compliance at the intersection of fintech, regulation, and product building