Job Summary:
We are seeking an experienced Internal Auditor with expertise in regulatory compliance and information security frameworks.
The role involves conducting audits, assessments, and reviews of internal processes and controls to ensure adherence to RBI System Audit Report (SAR) , ISO 27001, SOC 2, PCI-DSS, and other industry standards.
The ideal candidate will also lead enterprise-wide risk assessments and provide insights to strengthen business processes and internal control systems.
Key Responsibilities:
Audit & Compliance:
- Plan, execute, and report on internal audits across business functions, with emphasis on IT and security controls.
- Ensure compliance with regulatory guidelines such as RBI SAR, including early identification of risks, gaps, and non-compliance areas.
- Conduct audits aligned with ISO 27001, SOC 2, and PCI-DSS requirements.
- Liaise with external auditors and certification bodies to support third-party assessments and certifications.
Risk Assessment:
- Lead and coordinate enterprise risk assessments, identifying risks, evaluating their impact, and recommending mitigations.
- Maintain and update risk registers in line with industry best practices.
- Conduct regular risk reviews of business units and IT systems.
Business Process Analysis:
- Analyze end-to-end business processes to identify inefficiencies, control gaps, or compliance risks.
- Map processes and recommend improvements that align with control and compliance objectives.
- Evaluate process documentation and support business process reengineering initiatives.
Internal Control Design & Review:
- Design, evaluate, and enhance internal control frameworks across business and IT operations.
- Provide recommendations for control improvements to strengthen governance, risk management, and compliance.
- Perform control testing and effectiveness reviews for operational, financial, and IT controls.
Reporting & Communication:
- Prepare detailed audit reports and present findings to senior management.
- Track audit recommendations, ensure timely implementation of corrective actions, and monitor
residual risks.
- Maintain professional communication with stakeholders to ensure transparency and buy-in.
Qualifications & Skills:
Education:
- Bachelors/Masters degree in Accounting, Finance, Information Systems, or related field.
- CA, CIA, CISA, CISM, or equivalent certifications preferred.
Experience:
- Hands-on experience with RBI guidelines, especially SAR, ISO 27001, SOC 2, and PCI-DSS audits.
- Experience in business process mapping, control testing, and risk assessments.
Skills:
- Excellent understanding of regulatory compliance, information security, and internal controls.
- Proficiency in using GRC tools, audit software, and Microsoft Office Suite.
- Strong written and verbal communication skills.
Preferred Attributes:
- Familiarity with RBIs IT risk guidelines, DPDP Act, and other Indian regulatory frameworks.
- Ability to manage multiple audits and projects in a fast-paced environment.
Didn’t find the job appropriate? Report this Job
