
Description:
Regulatory Compliance & Audit Specialist
Work Level: Individual Contributor
Industry: Banking (Risk Management & Compliance)
Education: PG / Masters Degree (Mandatory)
Role Summary:
We are seeking a decisive and self-motivated Regulatory Compliance & Audit Specialist to safeguard the bank's operational integrity within an increasingly complex regulatory landscape. In this critical role, you will be the primary guardian of compliance, monitoring RBI Master Directions, cybersecurity mandates, and the DPDP Act. You will lead the translation of high-level regulatory requirements into actionable internal controls, ensuring that Privacy by Design is woven into the fabric of our technology and processes. Acting as a central coordinator, you will collaborate with IT, Security (CISO), and Audit teams to close cybersecurity gaps and lead the preparation for high-stakes external and regulatory audits. The ideal candidate possesses deep technical knowledge of SOC reports, VAPT, and NIST frameworks, combined with the ability to manage complex regulatory filings and foster a culture of cybersecurity awareness.
Responsibilities:
- Regulatory Surveillance: Continuously monitor and interpret RBI Master Directions, circulars, and cybersecurity advisories to ensure the Bank's policies remain current.
- Framework Implementation: Align internal operations with global and local frameworks, including NIST, ISO 27001, PCI-DSS, CIS controls, and the DPDP Act.
- Privacy by Design: Integrate privacy-centric principles into the development of new technologies and business processes to ensure data protection from inception.
- Audit Lifecycle Management: Lead the preparation, response, and remediation phases for internal, external, and regulatory audits, focusing on ISO 27001 and PCI-DSS compliance.
- Issue Remediation: Collaborate cross-functionally with IT and Business units to ensure the timely closure of cybersecurity audit issues identified during SOC reviews or VAPT assessments.
- Regulatory Reporting: Prepare and submit accurate cybersecurity-related filings and documentation as mandated by the RBI and other governing bodies.
- Stakeholder Communication: Provide the CISO team and executive stakeholders with timely updates on shifting regulatory landscapes and privacy requirements.
- Cybersecurity Training: Design and deliver internal training programs to enhance employee awareness of secure practices and compliance obligations.
- Risk Mitigation Strategy: Translate technical vulnerabilities (from VAPT reports) into business-risk language and develop actionable mitigation strategies for leadership.
- Data Privacy Governance: Act as a subject matter expert on DPDP Act implementation, ensuring data processing activities meet the highest legal and ethical standards.
Technical Requirements:
- Regulatory Mastery: 7+ years of experience in Banking Compliance with a deep understanding of RBI cybersecurity frameworks and reporting timelines.
- Security Assessment Knowledge: Hands-on experience interpreting SOC (Service Organization Control) reports and VAPT (Vulnerability Assessment and Penetration Testing) results.
- Compliance Frameworks: Practical experience in implementing and auditing against ISO 27001, PCI-DSS, and the NIST Cybersecurity Framework.
- Data Privacy Expertise: Specialized knowledge of the DPDP (Digital Personal Data Protection) Act and its implications for the banking sector.
- Reporting Tools: Proficiency in regulatory reporting software and GRC (Governance, Risk, and Compliance) platforms.
Core Competencies:
- Decisive Leadership: Ability to take firm stances on compliance requirements and drive the organization toward remediation.
- Self-Motivated Execution: Capability to manage high-pressure audit timelines and regulatory deadlines independently.
- Collaborative Problem Solving: Strong interpersonal skills to navigate complex negotiations with IT and Audit teams during issue closure.
- Analytical Rigor: Exceptional attention to detail in reviewing regulatory circulars and internal control documentation.
- Strategic Communication: Ability to translate technical security requirements into clear, actionable briefs for non-technical stakeholders.