Compliance Engineer
Razorpay
Razorpay is one of India’s leading full-stack financial technology companies, powering the way businesses move, manage, and grow money. Founded in 2014 by Harshil Mathur and Shashank Kumar with a simple vision — to simplify payments for Indian businesses — we’ve since grown into a fintech powerhouse driving India’s digital payment revolution.
Razorpay powers millions of businesses with a smarter, scalable stack that goes beyond transactions to help them truly build and grow.
From seamless checkouts to payroll automation, across India, Singapore, and Malaysia, we’ve been engineering a fintech ecosystem that’s redefining how money moves across Asia — and we’re just getting started.
Today, that ecosystem supports everyone from early-stage startups to some of India’s largest enterprises, enabling them to accept, process, and disburse payments at scale while expanding into new ways of managing money more efficiently.
Our scale speaks volumes: Razorpay processes $180+ billion in annualized transactions, powering leading businesses like Airbnb, Facebook, WhatsApp, Airtel, CRED, BookmyShow, Zomato, Swiggy, Lenskart, Mirae Asset Capital markets, Indian Oil, National Pension Scheme — and over 100 of India’s unicorns. With strong roots in India and growing operations in Southeast Asia, we are shaping the next chapter of financial technology across the region.
We are backed by global investors including GIC, Peak XV Partners (formerly Sequoia Capital India & SEA), Tiger Global, Ribbit Capital, Matrix Partners, MasterCard, and Salesforce Ventures, having raised over $740 million to date. Strategic acquisitions — including Ezetap (POS and offline payments), Curlec (Malaysia expansion), BillMe (digital invoicing), and POP (rewards-first UPI) — along with earlier moves in fraud prevention, payroll, and lending, have further strengthened our platform and widened our footprint across Asia.
But what truly sets Razorpay apart is our culture. At Razorpay, ownership is our oxygen — you own what you build, with no micromanagement or red tape, just the runway to make your ideas fly. Learning is a lifestyle — if you’re curious, you’ll feel at home here. People > Pedigree — we hire for attitude, hustle, and hunger more than degrees. Transparency thrives over titles — this is where interns question CXOs and CXOs say “thank you.” Guided by our values of Customer First, Autonomy & Ownership, Agility with Integrity, Transparency, Challenging the status quo and a strong belief that Razorpay grows with Razors, you’ll be part of a 3000+ strong team building not just products, but the financial infrastructure of the future.
Compliance Engineer
Function: Security & Compliance · Level: Individual Contributor · Location: Bangalore
Razorpay Hiring Philosophy for This Role
While we value knowledge of compliance frameworks and audit standards, this role is designed for a hands-on compliance practitioner who can navigate technical environments, assess real systems against regulatory and framework requirements, and deliver audit-ready evidence — not just fill out checklists. Familiarity with PCI DSS, ISO 27001, and related standards is necessary but not sufficient. The ability to apply that knowledge to actual infrastructure, cloud environments, and increasingly AI-powered workflows is what differentiates the right candidate. As Razorpay scales its use of AI tools and LLM-based systems across operations, even our foundational compliance roles must be equipped to evaluate and operate in this new landscape.
Role Summary
Razorpay is seeking a Compliance Engineer who will plan, execute, report, and manage internal audits across all areas of the business — making recommendations to process owners, staff, and leadership. You will create, define, and improve processes and procedures in line with industry standards and audit requirements. This is a practitioner role: you will gather evidence, review systems, assess vendors, and contribute to compliance operations directly. As AI tools become embedded in Razorpay's workflows, you will support the evaluation and ongoing compliance monitoring of these systems under guidance from senior engineers.
What Makes This Role Different at Razorpay
Practitioner-First. Not Theory-First.
- Understanding Systems: You can review technical environments and understand how data moves through infrastructure, applications, and third-party integrations.
- Cloud & Platform Familiarity: You are comfortable working with modern cloud platforms (AWS/Azure) and have experience assessing compliance posture in technology-driven companies.
- Practical Application: You know the compliance frameworks (PCI DSS, ISO 27001, SOC 2), but your real strength is applying them to actual systems, vendor integrations, and emerging AI tools — not just maintaining documentation.
Key Responsibilities
A. Audit & Compliance Operations
- Develop, implement, and maintain internal audit policies and procedures in accordance with local regulations, legal requirements, PCI DSS, ISO 27001, and any other standard the company adopts.
- Assist the compliance manager in administering all processes and procedures, ensuring operations stay within the regulatory framework, and recommending ways to minimize risk.
- Stay current with legal and regulatory developments relative to business operations; audit and monitor data, systems, and processes for compliance with policies and laws.
- Prepare for and participate in process-led internal audits and external vendor audits at planned intervals; provide clear reporting on whether management systems conform to legal, regulatory, and framework requirements (PCI DSS Level 1, ISO 27001:2013, GDPR).
- Follow up with internal stakeholders to gather required evidence and organize it in a structured folder at the defined location.
- Produce audit reports identifying: audit criteria and scope, deficiencies and non-conformities, corrective actions required (agreed with process owner), responsible owners, and achievable target dates for follow-up.
- Monitor progress on corrective actions to ensure they are concluded without undue delay.
B. Vendor & Third-Party Compliance Assessment
- Plan and complete ad-hoc vendor audits as required — going beyond standard questionnaires to review actual data flows, integration configurations, and technical controls.
- Assess third-party tools and SaaS platforms against PCI DSS, ISO 27001, and data protection requirements before organizational adoption.
- Maintain vendor assessment records, tracking control gaps and remediation timelines.
C. AI & Automation in Compliance Operations
- Evaluate AI Tools for Compliance: Support the evaluation of AI-powered tools and LLM-based workflows adopted across the organization by gathering evidence, reviewing data flows, and flagging privacy or compliance concerns to senior team members.
- AI Tool Onboarding: Assist in building and maintaining AI tool onboarding checklists — ensuring new AI/SaaS tools are assessed against PCI DSS, ISO 27001, and data protection requirements before adoption.
- Leverage AI for Compliance Work: Use AI-assisted tools (e.g., Claude, Copilot) to accelerate routine compliance tasks such as evidence collection, audit log review, policy document analysis, and control-gap identification.
- Monitor AI-Integrated Systems: Help maintain dashboards and automated workflows that track compliance posture across systems, including AI-integrated platforms.
- Participate in AI Privacy Reviews: Support privacy and security reviews of internal AI use cases — such as chatbots, document summarizers, or AI-assisted customer support — under guidance from senior compliance engineers.
- AI Incident Support: Assist in classifying and tracking AI-related data handling issues (e.g., unintended PII exposure in AI outputs, data retention by third-party AI providers) to ensure timely response.
D. Documentation, Reporting & Awareness
- Assist in the preparation of new documented information as well as updates to existing policies, procedures, and control descriptions.
- Update and record standard-specific clauses and controls covered post-audit.
- Contribute to planning and executing information security and compliance awareness programs — including awareness of AI-related compliance risks across the organization.
- Comply with legal, regulatory, contractual, and business requirements across all activities.
E. Stakeholder Collaboration
- Communicate with external teams and auditors professionally, keeping relevant stakeholders informed of progress, blockers, and findings.
- Work with engineering, product, and legal teams to explain compliance requirements clearly — particularly for teams adopting new AI tools or building AI-powered features.
- Proactively seek help when blocked and escalate issues to senior compliance engineers in a timely manner.
Must Have Skills & Knowledge
Compliance Framework Expertise
- Good understanding of international standards and compliance frameworks — PCI DSS, ISO 27001, SOC 2, and familiarity with GDPR.
- Understanding of audit methodologies, processes, and reporting standards — ability to identify non-conformities, define corrective actions, and track remediation.
- Familiarity with industry frameworks such as ITIL, COBIT, and their application in technology compliance.
- Awareness of regulatory requirements relevant to payments and fintech — RBI guidelines, SEBI frameworks, and data localization requirements.
AI & LLM Compliance Awareness
- Understanding AI Data Flows: Basic understanding of how AI/LLM tools (e.g., ChatGPT, Claude, Copilot) handle data — including concepts like data retention, prompt processing, model training on inputs, and third-party data sharing.
- Vendor Policy Assessment: Familiarity with evaluating AI vendor privacy policies and data processing agreements against compliance framework requirements (PCI DSS, ISO 27001, GDPR/DPDP).
- AI Risk Recognition: Awareness of compliance risks unique to AI — such as unintended PII exposure in AI outputs, data retention beyond organizational policy, cross-border data transfer to AI providers, and prompt injection vulnerabilities.
- Responsible AI Practices: Understanding of basic responsible AI principles: data minimization in AI inputs, consent considerations for AI-processed data, and the importance of logging/auditability for AI-assisted decisions.
Technical Literacy (Baseline Requirements)
- Basic technical understanding of information security concepts — network infrastructure, encryption, access controls, and data protection.
- Familiarity with cloud platforms (AWS or Azure) and understanding of how compliance controls map to cloud environments.
- Ability to read and interpret system diagrams, data flow diagrams, and architecture documentation to identify compliance-relevant data paths.
- Awareness of CI/CD pipelines and how compliance controls (including for AI tool integrations) can be embedded in the software release lifecycle.
AI-Assisted Compliance Operations
- Using AI Tools Productively: Ability to use AI-assisted tools to speed up compliance workflows — such as parsing audit logs, summarizing technical documentation, reviewing policy documents, or drafting control test cases.
- Supporting Automation: Ability to help maintain automated compliance workflows — such as dashboards that aggregate compliance status, alert-driven ticket generation, or automated evidence collection pipelines.
- Validating AI Outputs: Awareness that AI-generated outputs (summaries, analyses, draft reports) require human review for accuracy and regulatory alignment before being accepted as formal compliance evidence.
Soft Skills & Ways of Working
- Evidence-first mindset — you look for proof, not just assurances.
- Good analytical skills and structured thinking — ability to organize findings clearly and prioritize by risk.
- Clear, concise documentation for both technical and non-technical audiences.
- Collaborative across engineering, product, legal, and vendor teams — you enable, not block.
- Self-starter willing to roll up sleeves and work hands-on with the team.
- Comfortable with ambiguity — Razorpay moves fast and both regulatory and AI landscapes are evolving.
- Good interpersonal and communication skills.