Vivriti Capital | Information Security Auditor

About Vivriti Group:Vivriti Group is a pioneer in the Mid-Market Lending space providing tailored debt solutions to mid-sized entities. The group has the following businesses:Vivriti Capital Limited, a systematically important NBFC (NBFC ND-SI) regulated by RBI. As on date, Vivriti Capital has disbursed USD 3 billion across 300+ enterprise borrowers and is rated A+ by CRISIL.Vivriti Asset Management, subsidiary of Vivriti Capital, is a fund manager to fixed income alternate investment funds (AIFs). As on date, Vivriti Asset Management has across funds, raised commitments of over USD 500 million from 900+ Institutional and private contributors. Vivriti AMC has also made investments of over USD 575 million across 80+ entities.Role: Manager - Information Security AuditAssist with audit scoping and planning process, understand risk, and evaluate controls for IT application and infrastructure controlsPlan, lead and execute IS audit, which shall also include managing the conduct of audit(s) (through external consultants, if required) and ensure that they are delivered on time, on budget, and meet the required standardsDocument detailed work papers and test strategies.Front face and serve as a point of contact for all external and statutory audits in the scope of IT and Information SecurityPeriodic review the IS Audit policy of the organization to ensure adequacy and sufficiency as per regulatory and legal requirement.Assess/Audit and report policy compliance for critical IT policies on a periodic basisTest internal controls across the company's application(s), infrastructure, and databases, key business processes; Review security and availability controls in Servers, Databases, Storage arrays, Middleware, Datacenters, Network devices, Firewalls, Antivirus, Intrusion Detection Services (IDS), and Intrusion Prevention System (IPS)Articulate and discuss control issues/gaps and corrective action plans with stakeholders and Internal Audit HeadPrepare audit reports for Senior management, audit committee and auditees.Validate management's remediation for audit issue closure as per agreed periodicity and report status to the stakeholders and committee.Document all interactions with Audit team and stake holders and retain evidence related to audit for validation/ verificationDevelops, maintains and continually improves the design, implementation, efficiency and automation of continuous auditing reports, tools and techniques used to evaluate company-wide controlsSkill Set and qualification Requirement:A degree in information technology/computer information systems or related. (essential) with 8-12 experience in IT / Information Security Audit from Banks / NBFCs.Certified Information Systems Auditor (CISA) (essential).Other relevant certifications such as CISSP/ CISM / ISO 27001:2022 Lead Auditor is added advantageExperience with firewalls (functionality and maintenance), Office 365 Security, VSX, and Endpoint Security, Financial and IT application experienceExpert in Firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, and Security Audits.Clear understanding of IT audit methodologies, ability to work under pressure in a fast-paced environment.Staying up to date on changing regulations from RBI and SEBI.Good understanding Data Protection and privacy regulations.Should possess working experience (i.e. technical hands-on experience) in cyber/IT audit role and should have carried out one or two audits with complete scope of IS Audit/ ISO certification Audit in the last two years.Audit experience in BFSI sector or any cert-in empaneled audit firm is preferredMust possess good written and Oral Communications skills.Good Telephone and Email etiquette.Interpersonal Skills, dealing with objectivity and conducting fair and unbiased audit.Must be able to work independently as well as in a teamAbility to multi-task is required.Additional Requirement:Self-motivated achiever who gains satisfaction in providing excellent stakeholder SupportActively participate in Team meetings & provide suggestions for improvement and open to accept feedbackAbility to research and analysis for any new issues and to provide solutions AGG