Information Technology and Security Auditor

Information Technology and Security Auditor

Department:

Reports to:

Location:

Job Type:

Job Summary:

Information Technology and Security Auditor (IS Auditor) is responsible for leading and executing audits related to IT systems, cybersecurity, data governance, and technology infrastructure. This role ensures that IT and IS processes and controls are effective, secure, and aligned with regulatory requirements and business objectives. The position also plays a critical role in evaluating and improving the organizations risk posture in relation to technology and data security.

Key Responsibilities:

• Audit Planning & Execution

Develop and implement risk-based IS audit plans and programs.

Lead and conduct audits of IT infrastructure, applications, cybersecurity, and data security controls.

Evaluate the effectiveness of IT general controls (ITGCs), application controls, and logical access management.

• Cybersecurity & Risk Oversight

Assess organizational cybersecurity controls and practices, including vulnerability management, incident response,cloud security and network security.

Stay informed about emerging cyber threats through the use of emerging technologies like GenAI, ML and recommend improvements.

• Compliance & Governance

Ensure compliance with relevant laws, regulations, and frameworks (e.g. RBI, IRDAI etc.)

Review IT policies, procedures, and standards for effectiveness and compliance.

• Reporting & Recommendations

Prepare clear, concise, and well-documented audit reports with actionable recommendations.

Team Collaboration

Work closely with other audit team members and departments to share insights and coordinate enterprise risk management efforts.

Qualifications:

• Bachelor's degree in Information Technology, Computer Science, Information Systems, or related field (Masters preferred).
• Professional certifications such as

  CISA

  ,

  CISM

  ,

  CISSP

  , or

  CRISC

  are strongly preferred.
• 5–7 years of relevant experience in IT auditing, cybersecurity, or risk management, including 2–3 years in a lead role.

Must Have Skills & Competencies:

• Strong understanding of IT systems, networks, databases, and security protocols. Knowledge of regulatory and compliance frameworks, especially RBI regulations.
• Experience with cloud security (SaaS and IaaS models), Network Security, Third party Security.
• Effective communication skills, both written and verbal.