Cybersecurity Auditor - GRC

3 - 5 years

0 Lacs

Posted: 2 weeks ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

Job Description: Cybersecurity Auditor (GRC Focus)

Job Title: Cybersecurity Auditor / GRC Specialist

Experience Level: Mid-Level (3+ Years)

Location: Pune/Mumbai

Employment Type: Full-time

Role Summary

We are seeking a detail-orientated and analytical Cybersecurity Auditor to join our Governance, Risk, and Compliance (GRC) team. The ideal candidate has a minimum of 3 years of hands-on experience in information security auditing. You will be responsible for ensuring our organisation (and/or clients) maintains robust security standards, specifically focusing on ISO 27001 certification, SOC 2 attestation, and adherence to CERT-In (Indian Computer Emergency Response Team) guidelines.

Key Responsibilities

1. Compliance & Audit Management (ISO 27001 & SOC 2)

  • Plan and execute internal audits against ISO 27001:2022 standards and SOC 2 Trust Services Criteria (TSC) (Security, Availability, Confidentiality, Processing Integrity, and Privacy).
  • Conduct gap assessments to identify non-conformities and work with IT/Engineering teams to implement remediation plans.
  • Manage the evidence collection process for external audits and serve as a point of contact for external auditors.
  • Maintain the Information Security Management System (ISMS) documentation, including policies, procedures, and risk registers.

2. Regulatory Compliance (CERT-In)

  • Ensure organisational compliance with CERT-In directions, specifically regarding cyber incident reporting timelines (6-hour rule), log retention (180 days), and subscriber data handling.
  • Monitor and update internal protocols based on the latest advisories and vulnerabilities published by CERT-In.
  • Assist in the preparation of root cause analysis (RCA) reports for any security incidents as required by regulatory bodies.

3. GRC & Risk Management

  • Conduct periodic Risk Assessments (RA) and Data Protection Impact Assessments (DPIA).
  • Monitor third-party vendor risk by reviewing their security posture and compliance (TPRM).
  • Track and report on key GRC metrics and Key Performance Indicators (KPIs) to senior management.

Required Qualifications & Skills

Education & Experience:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Minimum of 3 years of proven experience in IT Audit, GRC, or Information Security compliance.

Technical Competencies:

  • Deep knowledge of ISO 27001 (Lead Implementer or Auditor knowledge preferred).
  • Hands-on experience with SOC 2 Type I and Type II preparation and auditing.
  • Familiarity with CERT-In cyber security directions, DPDPA 2023 and the IT Act, 2000 (India).
  • Understanding of IT infrastructure (cloud security, firewalls, endpoint security) to effectively audit technical controls.

Certifications (Preferred but not mandatory):

  • CISA (Certified Information Systems Auditor)
  • ISO 27001 Lead Auditor / Lead Implementer
  • CompTIA Security+ or CRISC

Soft Skills:

  • Strong documentation and technical writing skills.
  • Ability to communicate complex compliance requirements to non-technical stakeholders.
  • Analytical mindset with high attention to detail.
