26/03 Anuja
Assistant Manager - HR at RGF Professional Recruitment

Views: 285 | Applications: 56 | Recruiter Actions: 36

IT Auditor/Compliance Expert - FinTech (14-16 yrs)

Bangalore Job Code: 907388

Roles and Responsibilities:

The External Audit Team is responsible for managing all external compliance audits, including CISA audits for various ongoing/new licenses, certifications including PCI DSS, ISO 27001, audits initiated by partner banks, and regulatory inspections by regulators like RBI/ReBIT/NPCI/IRDA etc.

- Manage all external audits: plan and manage all IT audits including CISA (PPI), CISA (insurance), PCI DSS, partner bank audits, ISO 27k, and non-IT audits including RBI/ReBIT audit, NPCI review, IRDA audit etc.

- Front all audits and act as POC for all escalations for any audit-related activities

- Plan the audit calendar and schedule the audits for stakeholders

- Manage regulatory framework driven reviews conducted by external auditors /regulatory bodies

- Manage and train the team to handle architecture reviews, network/infra reviews, configuration audits, review of system controls (ITGC/ITAC controls), and cloud infrastructure. Prepare and train team members to liaise with auditors to explain infosec posture, infosec org structure, physical/logical security, data center reviews, MSSP reviews, SOC reviews, etc.

- Renewal of certifications on time. (ISO and PCI DSS)

- Review policies and procedures on a periodic basis or whenever there is a change, and submit them to Operational Compliance for approval in a timely fashion

- Project management for implementation of security controls from audit corrective action plans by liaising with different teams.

- Responsible for performing risk assessments for all IT assets and processes periodically and ensuring RA/ RTP is in place. Manage and ensure the Business Impact Assessment of new businesses, applications etc.

- Interpret IT control requirements from regulatory guidelines and circulars and provide feedback from an audit perspective to the stakeholders

- Ensure that IT regulatory requirements are tracked and continuously monitored

- Provide status of audit findings, implementation of controls as per audit recommendations and ensure all audit observations are taken to closure

- Exception management, review (periodic) controls, analyze and make appropriate recommendations

- Provide guidance to stakeholders on periodic updates to BCP strategy, liaising with teams to perform drills, etc.

- Vendor Risk Management/TPRM Process

- Manage Third party risk assessment for all IT vendors, review the risk categorization on a regular basis and evaluate the vendor security control inventory and ensure continuous evaluation of vendors

- Evaluate the review results of consultants and ascertain the adequacy of control testing.

- Evaluation of IT vendors on the security posture before onboarding and on an annual/periodic basis.

- Collaborate with Infosec function and other relevant functions to ensure infosec controls within the organization.

Role Requirements:

- CISA/DISA/CIA/IT Auditor

- Consulting experience, IT advisory service experience, IT consultants, experience in VAPT, cyber security etc.

- 14 - 16 years of experience in the relevant field in audit departments or internal controls division; experience in conducting audits with Big4 or leading internal compliance or IT risk advisory functions for companies

- Standard-specific compliance reviews and implementation experience in PCI DSS, ISO 27001/COBIT/ISO 22301.

- Reasonable conceptual understanding of information security frameworks like ISO 27001, IT Act, RBI regulations, IRDA regulations, SEBI etc.

- Project management skills

- Role requires deep technical know-how and strong experience in guiding teams during external audits

- Compliance orientation coupled with business enablement mindset

- Collaborative approach to problem-solving

- Strong understanding of IT/infosec controls and regulations of financial services products

- Ability to manage a team of 6-10 team members

- Delivers concise and effective communications with authority

- Highly adaptable in dynamic environments

- Integrity, capable of a rigorous analytical approach and result-oriented

- Flexible and stress-resistant

- Ability to organize and prioritize

- Perseverance in the analysis of issues

This job opening was posted a long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
