Manager/Asst. Manager - Internal Audit (CISA & DISA)

3 - 7 years

14 - 18 Lacs

Mumbai, Goregaon

Posted: 1 day ago | Platform: Naukri


Skills Required

Information Security Audit, DISA, CISA, IT Security Audit

Work Mode

Work from Office

Job Type

Full Time

Job Description

Role & responsibilities

Key highlights of the role are listed below (purely indicative and not limiting). This position includes, but is not limited to, the following responsibilities:

  • Develop and execute the Information Security Audit Plan based on a risk-based approach.
  • Conduct IT security audits, risk assessments, and compliance reviews across applications, infrastructure, and third-party vendors.
  • Evaluate IT / Information Security policies, procedures, and controls to ensure compliance with ISO 27001, PCI-DSS, DPDPA, SOC 2, and other relevant standards.
  • Identify security risks, control weaknesses, and process inefficiencies, providing recommendations for mitigation.
  • Work closely with IT, IS, cybersecurity, and other business teams to ensure audit findings are addressed in a timely manner.
  • Perform security assessments of cloud environments (AWS, Azure, GCP), network security, and application security.
  • Prepare detailed audit reports, executive summaries, and presentations to relevant stakeholders.
  • Monitor industry trends, regulatory changes, and emerging cyber threats to enhance the organization's security posture.
  • Lead and conduct internal and external IT / security compliance audits, ensuring adherence to company policies and industry best practices.
  • Mentor and guide the team in audit methodologies and best practices.
  • Assist in IT and cybersecurity audits by external regulators (RBI, PCI-DSS, etc.).

Applicants should possess the following attributes:

  • Experience in ISO 27001, SOC 2, PCI-DSS or RBI, SEBI guidelines compliance.
  • Knowledge of penetration testing, vulnerability assessments, and security operations.
  • Hands-on experience with SIEM, DLP, IAM, and other security tools.
  • Prior experience in a Big 4 audit firm or financial services sector is an advantage.
  • Effective team management.
  • Excellent communication skills with the ability to present technical findings to nontechnical stakeholders.
  • Strong understanding of IT security frameworks, governance, risk, and compliance (GRC) principles.
  • Familiarity with financial, regulatory or other requirements related to information security.
  • Experience in performing security assessments of cloud environments (AWS, Azure, GCP), network security, and application security.
  • Strong analytical, problem-solving, and leadership skills.

BOBCARD

Fintech

Fintech City

50-100 Employees

87 Jobs

    Key People

  • Alice Smith

    CEO
  • John Doe

    CTO
