Urgent Opening For Tech Audit - PHI

About the Job

Prudentials purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assuredfor our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our peoples career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

Prudential Health India (PHI)

To partner us in this mission, we are looking for a talented candidate for the role of

Tech Audit Lead

Note:

• Tech Audit Lead

People Manager Role

Experience:

Job Profile Summary

The Tech Audit Lead will be responsible for establishing and leading the technology audit function at PHI, ensuring compliance with internal policies, regulatory frameworks (IRDAI, GDPR, HIPAA), and global Prudential standards. This role will oversee audit trails, vulnerability management, and risk mitigation across PHI’s cloud-native infrastructure and applications.

• Develop and implement a comprehensive technology audit strategy and annual audit plan aligned with PHI’s business and regulatory requirements.
• Conduct risk-based audits across infrastructure, applications, data platforms, and security controls.
• Ensure complete and tamper-proof

  audit trails

  of user activities, data changes, and system events.
• Collaborate with InfoSec, DevSecOps, and AppSec teams to validate remediation of vulnerabilities and ensure patch compliance.
• Lead

  privacy impact assessments

  ,

  penetration testing reviews

  , and

  security onboarding

  for new applications.
• Monitor and report on the implementation of audit recommendations and track remediation progress.
• Maintain documentation and audit logs in accordance with professional standards and Prudential Group policies.
• Support investigations into technology-related incidents, control breaches, or compliance failures.
• Present audit findings and risk assessments to senior leadership and the Audit Committee.
• Stay updated on emerging risks, regulatory changes, and best practices in technology audit and governance.

Security & Compliance Technologies

• Implement and audit

  SAST

  ,

  DAST

  , and

  SCA

  scanning tools and processes.
• Ensure secure integration of CI/CD pipelines using

  Checkmarx

  ,

  GitHub

  ,

  GitHub Actions

  ,

  HashiCorp Vault

  , and

  Azure AD

  .
• Oversee onboarding and compliance of

  WAF (Web Application Firewall)

  solutions including

  Imperva API Security

  and

  DDoS/WAAP protection

  .
• Validate controls for

  privileged access management

  using tools like

  CyberArk

  .
• Ensure compliance with

  data classification

  ,

  encryption standards

  , and

  endpoint protection

  policies.

Who We Are Looking For

Technical Skills & Work Experience

• Bachelor's in Engineering, Computer Science, or equivalent; certifications in CISA, CISSP, or ISO 27001 are a plus.
• 10–18 years of experience in technology audit, risk management, or compliance, preferably in insurance or financial services.
• Strong understanding of

  GCP

  ,

  CI/CD pipelines

  ,

  DevSecOps

  , and

  infrastructure as code

  .
• Experience with tools such as

  Checkmarx

  ,

  GitHub

  ,

  Azure AD

  ,

  HashiCorp Vault

  ,

  CyberArk

  , and

  Imperva

  .
• Familiarity with

  SQL and NoSQL databases

  , encryption standards, and data classification frameworks.
• Proven ability to lead cross-functional audit engagements and manage stakeholder expectations.

Personal Traits

• Strategic thinker with strong analytical and investigative skills.
• High integrity and ethical standards.
• Excellent communication and presentation skills.
• Ability to work independently and manage multiple concurrent audits.
• Strong attention to detail and documentation discipline.

What Can Make You Extra Special

• Experience in setting up audit functions in greenfield environments.
• Exposure to IRDAI audits and regulatory inspections.
• Familiarity with centralised vulnerability dashboards and build breaker enforcement.
• Experience with public-facing application security, DDoS/WAAP onboarding, and penetration testing workflows.

Language

Fluent written and spoken English

If anyone interested can share their resume at Neha,Tiwari@prudentialplc.co.in