Lead Auditor

Job Title:

Experience:

Location:

Work Mode:

Notice Period:

Primanry Skills: GRC, ITGC/ISO 27001, ISO 27701, PCI DSS, Internal Audit

Education Qualification: Any Degree

Roles and Responsibilities:

• Develop and implement a comprehensive strategy for IT security, compliance, and GRC to align with organizational objectives.
• Oversee governance frameworks, ensuring effective policies, standards, and procedures are in place to manage IT and cyber risks.
• Deliver and report on the status of IT security audit recommendations and GRC initiatives to stakeholders.
  

• Prepare and maintain detailed documentation to meet ITGC, ISO 27001, ISO 27701, SOC 2, PCI DSS, GDPR, NIST, and other national and international regulatory compliance requirements.
• Ensure accurate record-keeping and reporting to support audits and regulatory filings.
  

• Lead internal audits, conduct self-assessments, and coordinate third-party risk assessments of technology infrastructure, operational processes, and controls.
• Perform scheduled IT compliance audits across diverse sectors, such as Banking/NBFC, Power, IT, Manufacturing, and Service industries.
• Identify, evaluate, and mitigate IT risks by establishing robust risk management processes.
  

• Design and implement GRC frameworks to integrate governance, risk, and compliance initiatives into a unified program.
• Establish mapping of various IT/Information/Cyber Security standards and frameworks to streamline compliance and risk assessment processes.
  

• Develop and execute user awareness programs and training initiatives to foster a culture of compliance and cybersecurity awareness across the organization.
  

• Create, maintain, and enforce IT and information security policies in line with business objectives and regulatory requirements.
• Monitor adherence to policies and recommend improvements to ensure ongoing effectiveness.
  

• Analyze audit findings, risk assessment results, and GRC program outcomes to identify areas for improvement.
• Develop and implement action plans to enhance organizational resilience and compliance posture.
  

Required Skills:

• Experience in Delivery of and reporting on the status of all IT security audit recommendations.
• Experience in preparing documentation based on ITGC, ISO 27001, ISO 27701, SOC2, PCI DSS, GDPR, NIST and any National & International regulatory compliances.
• Have conduct both self-assessments and coordinate third-party risk assessments of technology infrastructure and operational processes and controls for assigned areas.
• Conduct scheduled, targeted IT compliance audits for the organization/clients like; Banking / NBFC, Power / IT/manufacturing / Service Sector, etc.
• Development and execution of User awareness and training program.
• Have established in mapping of various IT/Information/Cyber Security Standards and Frameworks to Integrated Compliances and Risk Assessment.