Information Technology Audit Manager

Roles and Responsibilities: -Maintenance:- Ensure Review of policies and procedures on a periodic basis or whenever there is change and place it for Management approvals to board on a timely fashion- Preparation of architectural diagrams and technical documentations for audit and regulatory purposes along with stakeholders and consultants - Ensure the Business Impact Assessment of new businesses, applications etc.- Ensure Risk assessments for all IT assets and processes periodically and ensure RA/ RT is in place.- Run project management for implementation of various security controls by liaising with different teams. - Renewal of certifications on time (ISO 27001 and PCI DSS)- Review all merchant and IT vendor contracts for clauses w.r.t information security and regulatory requirementsMonitoring and Guidance:- Exception management, review (periodic) controls, analyse and make appropriate recommendation- Provide guidance to the stakeholders with respect to the contractual obligation on IT policy management and process implementations.- Provide guidance to stakeholders on Periodic updates to BCP strategy, liaising with teams to perform drills etc. Guide team members on planning Phishing and other information security drills- Evaluation of vendors, review of internal tool reviews for SRE /Engg. teams /PhonePe functions from Data security angleRegulatory and Compliance audits:- Interpret IT control requirements from regulatory guidelines and circulars and prepare a detailed framework for implementation and Advisory on implementation of information security controls - Ensure that IT regulatory requirements are tracked and continuously monitored. - Plan audit calendars and schedule the same.- Manage all internal and external audits related to IT and Non IT .- Plan and Overseeing all IT audits (including CISA (PPI) ,RBI/ ReBIT Audit, ISNP &; CIS (insurance), PCI DSS, System Audits, partner bank audits, ISO 27k ,Stat audits ,NPCI audits etc.- Fore fronting all the audits and act as POC for all escalations for any audit related activities- Liaise with auditors to explain infosec posture, org structure, provide technical architecture overview, process understanding on IT controls etc. - Support management to provide audit finding responses, implementation of controls as per audit recommendations etc and ensure all IT audit observations are taken to closure Must Haves -- 7 to 9 years of work experience, BE / relevant experience in Group 4 consultancies, or likes of Group 4 . CISA / DISA / CIA preferred.- Has high ethical standards and are able to work diligently to complete your duties.- Has an analytical mind able to "see" the complexities of procedures and regulations.- Demonstrate the ability to plan and execute projects with minimal management support. PRB