IT Risk, Security & Audit Lead

Job Title: IT Risk, Security & Audit Lead

Years of Experience:

Location:

Job Summary:

cybersecurity, IT risk management, audit frameworks, and regulatory compliance

Key Responsibilities:

• Security Governance, Compliance & Audit

• Define and maintain the IT risk, audit, and cybersecurity framework aligned with RBI, ISO 27001, PCI-DSS, SOC2, and other applicable standards.

• Lead and own all audits and certifications

   (internal, external, ITGC, regulatory, ISO, PCI-DSS, SOC2, etc.) ensuring readiness, execution, and successful closure.
• Ensure compliance with regulatory guidelines (RBI Master Directions, CERT-In advisories, DPDP Act, etc.)
• Manage audit observations/findings and drive timely remediation with IT and engineering teams.
• Oversee periodic 

  Vulnerability Assessments and Penetration Testing (VAPT)

   in collaboration with internal teams and external vendors.

• Risk Management & Control

• Identify, assess, and monitor IT & cyber risks across infrastructure, applications, APIs, and cloud environments.
• Establish KRIs/KPIs for risk and audit reporting to management and regulators.
• Drive remediation of identified risks and audit gaps with accountable teams.

• Security Operations & Incident Management

• Lead SOC activities including log monitoring, threat intelligence, and anomaly detection.
• Define and test incident response plans (data breach, ransomware, insider threat, etc.).
• Coordinate with vendors, auditors, and regulators for timely reporting and resolution of incidents.

• Stakeholder Engagement & Advisory

• Act as the bridge between technology teams, compliance, auditors, and business stakeholders.
• Educate teams on secure coding practices, DevSecOps principles, and compliance requirements.
• Present periodic 

  security posture, risk, and audit status reports

   to leadership.

• Technology & Continuous Improvement

• Oversee security tools (SIEM, DLP, WAF, IAM, Endpoint Protection, etc.) and ensure effective utilization.
• Recommend and implement emerging cybersecurity and audit-supporting technologies.
• Build a culture of security and audit awareness through training, phishing simulations, and periodic workshops.

Required Skills and Qualifications:

• Experience:

   8+ years in IT risk management, audits, cybersecurity, or related domains; minimum 3+ years in a leadership role.

• Education:

   Bachelors or Masters in Information Security, Computer Science, or Engineering.

• Technical Expertise:

• Strong understanding of security & audit frameworks: ISO 27001, NIST, COBIT, PCI-DSS, SOC 2.
• Hands-on experience with audit & security tools: SIEM, vulnerability scanners, GRC tools, DLP, IAM, EDR/XDR.
• Knowledge of cloud security (AWS/Azure/GCP) and secure architecture principles.
• Familiarity with DevSecOps, API security, and container security (Docker, Kubernetes).

• Domain Knowledge:

   Prior experience in banking/NBFC/fintech with strong understanding of RBI and Indian regulatory landscape.

• Soft Skills:

   Strong audit & risk-based decision-making, leadership, communication, and stakeholder management skills.

Preferred Qualifications:

• Certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, CEH, OSCP (any combination preferred).
• Experience with 

  end-to-end certification processes

   (ISO, PCI-DSS, SOC2, etc.).
• Experience with data privacy compliance (DPDP Act, GDPR).
• Exposure to fraud detection systems, transaction monitoring, or payment security.
• Experience in vendor risk management, 

  third-party audits

  , and audit remediation tracking.
• Strong knowledge of business continuity planning (BCP) and disaster recovery (DR) in BFSI.

  Role & responsibilities