Overview
Compliance Manager Jobs in India at Aletra
Title: Compliance Manager
Company: Aletra
Location: India
Role: Compliance Manager | Location: Delhi preferred and/or remote | SOC 2 Type II audit cycle end-to-end | Background in law, accounting, or audit
Read the job description before applying.
This is not an evidence-collection role. Your job is to decide what the compliance program looks like, where it goes, and how it scales with the company.
To apply, please apply on LinkedIn and submit your current resume and cover note to [email protected]
A writing test submission on the topic provided in the JD is required for shortlisting. Applications without the writing test will not be reviewed. A note (300 words maximum) describing one compliance program you have personally designed and owned end-to-end, what the hardest design decision was, and what you would do differently if you started over today.
We are looking for genuine depth in three specific areas:
1. End-to-end audit ownership. You have owned at least one full SOC 2 Type II or ISO 27001 audit cycle from gap assessment through Type II observation period through fieldwork through report. You know where audits typically break down, what auditor questions to anticipate, and how to prevent the avoidable findings. You have been the named compliance owner, not the analyst supporting the owner.
2. Regulatory program design. You can scope a compliance program from scratch for a new product or a new customer segment. You decide what frameworks apply, how controls are architected, what residual risk the company accepts, and what gets escalated to founders versus what gets handled inside the function. You think in programs, not in policies.
3. Stakeholder navigation. You are comfortable explaining compliance trade-offs to engineering, sales, and customers without being either dismissive of the engineer's reality or overly cautious about the sales reality. You have been the compliance voice in customer security reviews. You know how to say no to a customer commitment in a way that preserves the relationship, and you know how to say yes in a way that engineering can actually deliver on.
What You Will Do
– Own the SOC 2 Type II audit cycle end-to-end: auditor selection, scope definition, control mapping, gap assessment, remediation planning, observation period management, fieldwork coordination, and report delivery.
– Design and maintain the compliance program architecture, including framework selection (SOC 2, ISO 27001, DPDP-specific controls, RBI sectoral guidance where applicable), control structure, and evidence collection cadence.
– Build and lead a small compliance team. You will hire your Compliance Analyst within the first 60 days and continue to scale the function as the company grows.
– Be the senior compliance voice in customer security reviews for strategic accounts. You will draft customer-facing security documentation, respond to deep security questionnaires, and present in customer security and risk meetings when needed.
– Monitor and translate Indian regulatory developments (DPDP, RBI, SEBI, CERT-In) into operational requirements. Brief the founder team on material developments with concrete recommendations on response actions.
– Manage the vendor risk and customer DPA programs at an architectural level. Set the policies and thresholds; your Analyst executes the operational work.
– Partner closely with engineering on control architecture. You will be in the room when engineering makes decisions about access control, encryption, logging, multi-tenancy, and data handling, not after the decisions are made.
– Own the company's response to security incidents from the compliance and regulatory side. Coordinate with engineering, legal counsel, and founder leadership on breach notification timelines, customer communications, and regulator engagement.
– Represent the company in industry forums, working groups, and customer advisory contexts when appropriate. Regulator management experience: you should know how to build relationships with people who matter.
What You Must Have
– 6 to 8 years of full-time compliance experience, with at least the last 3 years in a senior or program ownership capacity.
– Direct ownership of at least one completed SOC 2 Type II audit cycle. Type I-only experience is not sufficient for this role.
– Working knowledge of DPDP and at least one other major regulatory framework (GDPR, CCPA, PIPEDA, or equivalent). You can read regulations, identify obligations, and architect operational responses.
– Demonstrated experience leading compliance program design from scratch, not only operating within a program that someone else designed.
– Strong written and verbal English. You will write to founders, auditors, and customers. You will be present in customer meetings. You will draft regulatory responses.
– Demonstrated ability to operate in ambiguity without daily direction. This is a founding-team environment; we hire program owners who make calls, document the reasoning, and move on, not people who escalate every decision.
– Experience managing or mentoring at least one direct report or junior teammate.
What Would Help
– Direct experience with compliance automation platforms (Sprinto, Vanta, Drata, or equivalent) at the program-design level: choosing the platform, designing the control structure, and customising for your specific environment.
– Familiarity with multi-tenant SaaS architecture and the compliance implications of multi-tenancy at scale.
– Prior experience scaling compliance programs through Series A and Series B funding milestones.
– Indian fintech, BFSI, or regulated-enterprise customer-facing experience.
We do not accept AI-generated submissions where the candidate has clearly not engaged with the material themselves. If you use AI for research, fact-checking, or structure, the writing, the positions taken, and every sentence must be yours.
What Happens After You Apply
– Day 1–14 from submission: Application review. Shortlisted candidates receive an email from the Talent Team.
A Note On Fit
This role is for someone who has earned the right to own a compliance program and is ready to operate at that level inside a fast-moving company. If you are looking for a more structured environment with established processes and clear escalation paths, this is not the right seat. If you are looking for a seat where you can build the program that other companies will eventually study, we want to talk to you.