IS Audit & Compliance Auditor - Information Security (7-9 yrs) Pune (DevOps)
Varutra Consulting Pvt. Ltd.
Pune
4d ago
source : hirist.com

The Lead Information Security Auditor role is responsible for running the Organization's Information Security & Privacy Audit and Compliance Program.

It involves performing, supporting, reporting and documenting the effectiveness of the program. This is a hands-on position that requires practical experience in the areas of security & privacy audit & risk management.

  • The candidate is primarily responsible for executing defined security and privacy related audit activities. The auditor also helps in the application of security policies and standards across the company, including but not limited to software engineering, finance, operations, IT etc.
  • The ideal candidate will have 5-6 years of practical information security, privacy, audit and risk management experience in a regulated environment.
  • The organization is into a dynamic function, providing the opportunity for significant growth in knowledge and experience in the areas of information security, risk management & privacy.

    Primary Responsibilities :

  • Perform internal audits and ensure compliance against policies and external laws.
  • Maintain the audit calendar & program and provide periodic reports to stakeholders.
  • Improve on reporting mechanisms for the audit function
  • Track remediation of any findings from internal or external assessments.
  • Manage the audit risk assessment program
  • Identify security risks and develop solutions to eliminate or minimize risks.
  • Contribute to the data risk management program
  • Support the team in risk management activities
  • Support the vendor risk & client risk management program across the organization
  • Assist with successful implementation and enforcement of security policies and procedures across old & new technologies / systems / environments.
  • Participate in the implementation of security initiatives
  • Support team to implement the GRC initiatives with respect to audit programs
  • Must have working knowledge of GDPR, BCP-DR
  • Mandatory skills : Information Security, Risk, PCI-DSS, Audit Requirements

  • Engineering Graduate in Computer Science, Information Systems, or related field
  • 7-9 years in an Information Security role with progressive experience in the following areas :

  • Audits and assessments - information security, network security, application security, physical security, privacy etc.
  • Information or IT risk management and compliance
  • Knowledge of various standards like ISO 27K, CoBIT, PCI-DSS, etc.
  • Understanding of Privacy regimes
  • Moderate-level knowledge of and experience with :

  • TCP / IP architecture, routing protocols and security
  • Windows OS, GPO, DNS, DHCP and Active Directory security concepts
  • Solaris and Linux host and network security concepts
  • Application Security concepts from an audit perspective
  • MS Office (Word, Excel, PowerPoint)
  • Excellent organization, communication and presentation skills with the right attitude
  • Ability to multi-task
  • General professional writing proficiency
  • Experience in the financial services industry is preferred
  • ISO27001 : 2013 Certification Mandatory