Information Systems IS Auditor

Role & responsibilities

Preferred candidate profile

Job Title: Information Systems (IS) Auditor

Location: Chennai, Tamil Nadu

Role Overview

We are seeking an Internal IS Auditor to drive the assurance pillar of our technology and cyber risk framework. This role aligns with the RBI Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices. You will provide independent assurance to the Audit Committee of the Board (ACB) and the IT Strategy Committee (ITSC) on the effectiveness of IT governance, cybersecurity, and operational resilience.

Key Responsibilities

• Maintain the Board-approved IS Audit Policy and define the IS Audit Universe, covering core information systems, cloud workloads, APIs, and digital/mobile channels.
• Execute a risk-based IS audit plan covering IT General Controls (ITGC), application security, and data integrity.
• Conduct structured gap analysis against the RBI IT Master Direction and Scale-Based Regulations (SBR), ensuring the NBFC meets its layer-specific compliance requirements.
• Implement continuous monitoring for critical systems to detect control drift in near real time.
• Audit IT and information security controls for outsourced partners and cloud service providers.
• Present thematic findings and critical cybersecurity issues to the ACB, ensuring appropriate management action and Board oversight on major IT and security initiatives.
• Verify the design and operating effectiveness of the Cyber Crisis Management Plan (CCMP) and Disaster Recovery (DR) drills, including half-yearly DR testing for critical systems.

Qualifications & Experience

Education: B.E. / B.Tech / MCA or equivalent.

Certification (Mandatory): CISA (Certified Information Systems Auditor).

Certification (Preferred): CISSP, CISM, or ISO 27001 Lead Auditor.

Experience: 35 years in IS Audit within an RBI-regulated entity (NBFC / Bank) or with a firm auditing financial institutions.

Regulatory Knowledge: Thorough understanding of the RBI Master Direction on IT Governance, Risk, Controls and Assurance Practices, and working knowledge of the NBFC Scale-Based Regulatory (SBR) framework.