Manager/Asst. Manager - Internal Audit

Role & responsibilities

This position would include the mentioned set of responsibilities but not limited to:

• Develop and implement a comprehensive, risk-based Information Technology Audit Plan aligned with the organizations objectives and regulatory requirements.
• Plan, conduct, and report on IT / IS audits, risk assessments, and compliance reviews across applications, infrastructure, cloud environments, and third-party service providers.
• Assess and validate the adequacy and effectiveness of IT and Information Security controls, policies, and procedures in line with ISO 27001, PCI-DSS, DPDPA, SOC 2, and other applicable standards or regulatory frameworks.
• Identify control gaps, security vulnerabilities, and process inefficiencies, and recommend actionable measures for mitigation and improvement.
• Collaborate closely with IT, IS, cybersecurity, and business teams to ensure timely remediation of audit findings and continuous improvement of the control environment.
• Perform in-depth security assessments of cloud platforms (AWS, Azure, GCP), network infrastructure, and applications to evaluate their compliance and resilience.
• Execute audits and reviews covering IT Applications, IT Governance, Cybersecurity, and Technology Risk Management within defined timelines and scope.
• Conduct third-party, vendor, and partnership arrangement audits to evaluate external risk exposures and control effectiveness.
• Audit Data Lifecycle Management and compliance to the applicable guidelines
• Prepare comprehensive audit reports, executive summaries, and presentations for senior management and relevant stakeholders.
• Stay updated on industry developments, regulatory updates (RBI, PCI-DSS, DPDPA, etc.), and emerging cybersecurity threats to strengthen the organization’s audit and control framework.
• Lead and participate in internal and external IT / security compliance audits, ensuring alignment with company policies, standards, and best practices.
• Mentor and guide audit team members on audit methodologies, risk assessment techniques, and best practices.
• Assist in regulatory audits and inspections conducted by external bodies such as RBI, PCI-DSS assessors, or other authorities.
• Review Business Continuity Planning (BCP) and Disaster Recovery (DR) drills to ensure operational resilience and preparedness.

Applicants should possess the following attributes:

• Experience in ISO 27001, SOC 2, PCI-DSS or RBI, SEBI guidelines compliance.
• Knowledge of penetration testing, vulnerability assessments, and security operations.
• Hands-on experience with SIEM, DLP, IAM, and other security tools.
• Prior experience in a Big 4 audit firm or financial services sector is an advantage.
• Effective Team Management
• Excellent communication skills with the ability to present technical findings to nontechnical stakeholders.
• Strong understanding of IT security frameworks, governance, risk, and compliance (GRC) principles.