Information Security/GRC Auditor

Role & responsibilities

• Evaluate information security governance-risk-compliance practices at client organization using frameworks like ISO 27001, PCI-DSS, NIST, COBIT, ISO 31000, GDPR/DPDPA, SOC2, ISO 27701, ISO 22301, etc. Assess risk management strategies and compliance with various national and international frameworks and relevant regulatory guidelines such as RBI, IRDAI, SEBI, UIDAI, DOT, CEA, NSE etc.
• Stay updated with various regulatory changes with respect to GRC aspects.
• Good understanding of application and IT infrastructure VAPT reports.
• Perform testing of controls to identify and assess IT risks.
• Ensure controls are aligned with industry best practice standards and frameworks.
• Produce reports detailing assessment findings and present them to management.
• Plan and initiate compliance activities, including documentation of policies & procedures, to ensure adherence to implementation of various information & cyber security frameworks and regulatory requirements.
• Implement necessary changes to ensure compliance with evolving regulatory requirements.
• Facilitate clients during external audits by their regulators, including responding to queries raised during audit by the agencies.

• Proven experience of 2 to 7 years in information security governance, risk management, and compliance audits.
• In-depth knowledge of Indian regulatory guidelines, including RBI, IRDAI, SEBI, UIDAI, DOT, CEA, NSE etc.
• Ability to stay updated with regulatory changes and adapt compliance measures accordingly.
• Ability to perform thorough audits /assessments, identifying areas for improvement and facilitating in implementing effective solutions.
• Detail-oriented with strong analytical and problem-solving abilities.
• Excellent communication skills, including the ability to present findings and recommendations to the client management team.
• Must have excellent skills in preparing reports using MS Office like Word, Excel, and PPT.