IT - IS Auditor

Overview

We are looking for a motivated ITGC & ITAC Audit and Compliance Specialist with 1-5 years of hands on experience in planning, executing, and reporting on IT General Controls (ITGC) and IT Application Controls (ITAC) audits assessing control effectiveness, and ensuring compliance with regulatory, statutory, and industry standards like ISO 27001:2022 NIST, OWASP, DPDPA, HIPPA, etc., This role supports business applications, IT infrastructure ( On premises & Cloud), financial systems, support, and SOC-related functions by implementing risk-based Information Security assessments and ability to recommend remediation measures and industry best practices. Prior exposure to fintech or high-sensitivity data (PII) environments will be a strong advantage.

Responsibilities

• Perform ITGC audits covering Risk Management, access management, change management, backup & recovery, IT operations, logical security, Incident management, Business Continuity, etc.
• Execute ITAC audits covering financial and operational systems, including transactional, authorisation, interface, and automated controls.
• Lead walkthroughs with process stakeholders to identify control gaps, risks, and dependencies.
• Evaluate the design and operating effectiveness of internal controls.
• Prepare risk and control matrices, test scripts, control effectiveness reports, and closure evidence.
• Guide engineering teams on secure coding standards, OWASP Top 10 API security, mobile security and architectural best practices.
• Help define internal data security guidelines and ensure engineering teams adhere to them.
• Enforce privacy-by-design principles during feature development.
• Coordinate with external clients and auditors to ensure smooth execution of external audits.
• Review cloud deployments for security controls (IAM, KMS, Security Groups, WAF, encryption, API Gateway configurations), SOC, BCP/DR, etc., and adherence to ISO 27001:2022 and Regulatory guidelines.
• Conduct internal Information and Cyber Security trainings and awareness programs.
• Conduct periodic control reviews for internal teams and third-party service providers, including vendor and supply chain risks.
• Perform system access reviews, production movement validation, and user access recertification.
• Assist in preparing compliance submissions to regulatory bodies.
• Participate in change advisory board meetings for compliance monitoring.
• Creation and maintenance of internal Information Security SOPs, Policies, Checklists, and guidelines in line with the ISO 27001:2022 Standard and guide respective teams in understanding these documents.
• Develop audit plans, control documents, and compliance dashboards.
• Prepare audit reports with observations, risk ratings, and remediation timelines.
• Follow-up closure for open observations and validate remediation evidence.
• Regulatory Alignment & Framework Management.
  
  

• ISO 27001/9001/22301/27701/HIPAA
• System and Organisation Control (SOC) 1 & 2
• SEBI Cyber Security & Cyber Resilience Framework
• SEBI/PFRDA system audit & Adoption of cloud framework guidelines
• Support external statutory, IT, and financial audits.
  
  

• Awareness of regulatory expectations in financial/AMC environments (advantage).
  
  

• IT INFRA Structure
• Fare knowledge on Servers & services, Network devices, network topology, communication ports, network architecture, etc.
• Familiarity with VAPT, threat modelling, and secure coding guidelines.
• Understanding of authentication frameworks (OAuth2 OIDC, MFA, JWT) and Logical Access Controls
• Change Management
• IT Operations Control
• Incident & Problem Management
• Logging & Monitoring
• Understanding of IT Infra & Application Vulnerabilities
  
  

• Core application controls
• Familiarity with application workflow, database structures, and logical control flows.
  
  

• Cloud Security Controls
• AD/Azure /AWS AD Access Controls
• Backup & DR Monitoring
• Evidence gathering and validation
  
  

This job was posted by Dileep Teja from WebileApps.