Assistant Manager Or Lead - Audit & Compliance

Job Description:

Primarily responsible for executing defined security and privacy related audit activities. The auditor also helps in the application of security policies and standards across the company, including but not limited to software engineering, finance, operations, IT etc.
We are looking for Senior resource with experience of practical information security, privacy, audit and risk management experience in a regulated environment.

Roles & Responsibilities:

• Perform internal audits and ensure compliance with policies and external laws.
• Maintain the audit calendar & program and provide periodic reports to stakeholders.
• Improve reporting mechanisms for the audit function.
• Track remediation of any findings from internal or external assessments.
• Manage the audit risk assessment program minimize.
• Contribute to the data risk management program.
• Support the team in risk management activities organization.
• Assist with successful implementation and enforcement of security policies and procedures across old & new technologies / systems/ environments.
• Participate in the implementation of security initiatives.
• Support team to implement the GRC initiatives with respect to audit programs.
• Must have working knowledge of GDPR, Implementation, SOC2, ISMS.

Mandatory skills:

• Information Security, Risk, IT GRC, Audit.
• Audits and assessments - information security, network security, application security, physical security, privacy etc.
• Information or IT risk management and compliance Knowledge of various standards like ISO 27K, COBIT, PCI-DSS, "00, IT GRC etc. Exposure to regulatory audits will be an added advantage.
• Understanding of Privacy regimes
• Application Security concepts from an audit perspective
• MS Office (Word, Excel, PowerPoint)
• Excellent organization, communication, and presentation skills with the right attitude
• Ability to multi-task
• General professional writing proficiency
• Experience in the services industry is mandatory.
• ISO 27001:2022 Certification Mandatory, CISA/CISM preferable but not mandatory.
• Having exposure on vendor & client management.
• CISO responsibilities: Experience in developing CxO level dashboards , Cybersecurity Knowledge | Leadership and Management | Risk Management | Security Strategy and Planning |Compliance and Regulations | Incident Response and Recovery | Security Architecture |Security Awareness Training |Security Technology |Security Assessment and Auditing | Vendor Management |Communication Skills | Legal and Ethical Awareness | Threat Intelligence | Crisis Management |
• Continuous Learning | Strategic Planning | Business Acumen | Interdepartmental Collaboration | Problem Solving

Eligibility:

Any Bachelor's in IT or Security or equivalent degree.