Posted: 1 week ago
On-site
Full Time
Job Title: Lead Auditor - GRC
Experience: 2-5 Years
Location: Mumbai (Thane)
Work Mode: WFO
Notice Period: Immediate joiner - 15 days
Primary Skills: GRC, ITGC/ISO 27001, ISO 27701, PCI DSS, Internal Audit
Education Qualification: Any Degree

Roles and Responsibilities:

Security, Compliance, and GRC Strategy:
Develop and implement a comprehensive strategy for IT security, compliance, and GRC to align with organizational objectives. Oversee governance frameworks, ensuring effective policies, standards, and procedures are in place to manage IT and cyber risks. Deliver and report on the status of IT security audit recommendations and GRC initiatives to stakeholders.

Compliance Documentation:
Prepare and maintain detailed documentation to meet ITGC, ISO 27001, ISO 27701, SOC 2, PCI DSS, GDPR, NIST, and other national and international regulatory compliance requirements. Ensure accurate record-keeping and reporting to support audits and regulatory filings.

Audit and Risk Management:
Lead internal audits, conduct self-assessments, and coordinate third-party risk assessments of technology infrastructure, operational processes, and controls. Perform scheduled IT compliance audits across diverse sectors, such as Banking/NBFC, Power, IT, Manufacturing, and Service industries. Identify, evaluate, and mitigate IT risks by establishing robust risk management processes.

GRC Integration and Framework Mapping:
Design and implement GRC frameworks to integrate governance, risk, and compliance initiatives into a unified program. Establish mapping of various IT/Information/Cyber Security standards and frameworks to streamline compliance and risk assessment processes.

User Awareness and Training:
Develop and execute user awareness programs and training initiatives to foster a culture of compliance and cybersecurity awareness across the organization.

Policy Development and Monitoring:
Create, maintain, and enforce IT and information security policies in line with business objectives and regulatory requirements. Monitor adherence to policies and recommend improvements to ensure ongoing effectiveness.

Continuous Improvement:
Analyze audit findings, risk assessment results, and GRC program outcomes to identify areas for improvement. Develop and implement action plans to enhance organizational resilience and compliance posture.

Required Skills:
Experience in delivering and reporting on the status of all IT security audit recommendations.
Experience in preparing documentation based on ITGC, ISO 27001, ISO 27701, SOC 2, PCI DSS, GDPR, NIST and any national and international regulatory compliances.
Have conducted self-assessments and coordinated third-party risk assessments of technology infrastructure and operational processes and controls for assigned areas.
Conduct scheduled, targeted IT compliance audits for the organization/clients such as Banking/NBFC, Power/IT/Manufacturing/Service Sector, etc.
Development and execution of user awareness and training programs.
Have established mapping of various IT/Information/Cyber Security standards and frameworks to integrated compliances and risk assessment.
Arting Digital
Mumbai, Maharashtra, India
Salary: Not disclosed