
IT Audit & Compliance Professional
Job Description:
ESK Technologies is seeking an experienced IT Audit & Compliance Professional to join our team in Bangalore:
- Ensuring SEBI guidelines are followed and reviewing new SEBI rules as they are issued
- Creating reports for multiple audits and submitting them to the exchange
- Operational Audit (Evaluation of Company operations on IT/Security and Trading)
- IT Risk Audit
- Policy Enforcement
- Documentation
- Data protection Audits
- Application Audits.
- Performing Internal Audits
- Staying up to date with the latest audit frameworks
Responsibilities:
Core Technical & Compliance Skills for IT Audit:
Audit Frameworks & Standards:
- Familiarity with SEBI Cyber Security Guidelines
- Understanding of ISO 27001, COBIT, NIST, SOC 2 frameworks
- Awareness of SEBI circulars (e.g., system audit, VAPT frequency, cyber incident reporting timelines)
IT Risk Management:
- Conducting and documenting IT Risk Assessments
- Understanding of risk rating (like impact, residual risk, control mapping)
- Hands-on with risk registers, risk treatment plans
Application & Infrastructure Audit:
- Review of access management, change management, backup, logging, resilience.
- Ensure event log generation, session handling, security controls are in place.
- Experience in tools like Nessus
Policy and Process Review:
- Drafting & validating IT policies: password, backup, access, data retention, encryption
- Ensuring enforcement across systems (check if logs, permissions, and configurations reflect policy)
Data Protection & Privacy Audits:
- Understanding of data classification, masking, retention
- Checking secure storage, encryption in transit/at rest, user access logs
Security Control Validation:
- Hands-on or coordination of VAPT, patch audits, firewall rule reviews
- Check for 2FA, antivirus, endpoint control agents
- Check SFTP access, SSH key usage, or public cloud IAM policies
Documentation, Reporting & Regulatory Submissions:
- Creating Audit Trail, Evidence Repositories, and compliance dashboards
- Creating documents, reports, critical asset inventory.
- Prepare reports for SEBI, stock exchanges (NSE/BSE), internal compliance teams
- Format audit findings as per regulatory templates
Monitoring & Logging Validation:
- Review of tools like Zabbix, Nagios, or SIEM systems
- Check for log retention periods, event types, and audit policy alignment
Access Control Auditing:
- Reviewing LDAP/IAM policies
- Checking least privilege, role-based access control (RBAC)
- Joiner/mover/leaver process compliance checks