AssociateComplianceManager

## Description About the Team  Meesho's Security & Compliance team safeguards a platform that 5% of Indian households shop with - millions of orders, billions of data points, zero downtime as a baseline. We own the Information Security Management System, drive every external certification, and shape how Meesho earns trust with sellers, buyers, partners and regulators. We move fast, default to automation, and obsess over evidence.   About the Role This is a hands-on individual contributor role for someone who wants to drive - not just oversee - a multi-framework compliance program. You'll be the DRI for ISO 27001:2022 and SOC 2 Type II, run end-to-end ITGC and TPRM cycles, and help operationalise India's DPDP Rules 2025 across a product organisation that processes data at meaningful scale. You'll work directly with Engineering, IT, Legal, Product, and external auditors.         ## What you will do Certifications & external audits Own the certification and surveillance cycle for ISO 27001:2022 and SOC 2 Type II; act as the single point of contact for external auditors. Plan and execute readiness assessments, gap closure, evidence collection, control walkthroughs, and management responses. Maintain audit calendars, evidence repositories, and bridge letters between audit windows. Drive PCI DSS v4.0.1 scope-reduction and assessment activities for in-scope environments. ISMS, policies & frameworks Maintain Meesho's ISMS aligned to ISO 27001:2022 - all 93 Annex A controls mapped across Organizational, People, Physical and Technological themes, with named owners and live evidence. Author, review, version-control and socialise security policies, standards, and procedures. Map controls across frameworks: ISO 27001:2022, SOC 2 TSC, PCI DSS v4.0.1, NIST CSF 2.0, CIS Controls v8, DPDP. ITGC & internal audits Design, test and continuously improve IT General Controls: access management, change management, IT operations, and SDLC. Plan and execute internal audits; track findings to