Assistant Manager Or Lead - Audit & Compliance

Job Description:

Primarily responsible for executing defined security and privacy related audit activities. The auditor also helps in the application of security policies and standards across the company, including but not limited to software engineering, finance, operations, IT etc.
We are looking for Senior resource with experience of practical information security, privacy, audit and risk management experience in a regulated environment.

Roles & Responsibilities:

• Perform internal audits and ensure compliance with policies and external laws.
• Maintain the audit calendar & program and provide periodic reports to stakeholders.
• Improve reporting mechanisms for the audit function.
• Track remediation of any findings from internal or external assessments.
• Manage the audit risk assessment program minimize.
• Contribute to the data risk management program.
• Support the team in risk management activities organization.
• Assist with successful implementation and enforcement of security policies and procedures across old & new technologies / systems/ environments.
• Participate in the implementation of security initiatives.
• Support team to implement the GRC initiatives with respect to audit programs.
• Must have working knowledge of GDPR, Implementation, SOC2, ISMS.
• Work with security product development team to guide them and contribute as a technical advisor. Provide counseling/coaching, oversight, and support for delivery teams and staff.
• Handle business issues/customer requirements and provide timely solutions. Mentor team(s), handle client meetings, get engaged in business meetings, work on proposals and active pre-sales.
• Able to take the team to new heights in terms of participating in research work, motivate them for writing whitepapers, speaking into conference, etc.
• Good understanding of business issues/customer requirements and management. Excellent Communication and Analytical skills. Highly detail oriented and strong interpersonal skills. Problem solving skills in a multi-product/service environment. Ready to adapt to a challenging and high demanding work environment.
• Must have one certification in Information Security, Compliance & Risk Management at least.

Mandatory skills:

• Information Security, Risk, IT GRC, Audit.
• Audits and assessments - information security, network security, application security, physical security, privacy etc.
• Information or IT risk management and compliance Knowledge of various standards like ISO 27K, COBIT, PCI-DSS, "00, IT GRC etc. Exposure to regulatory audits will be an added advantage.
• Understanding of Privacy regimes
• Application Security concepts from an audit perspective
• MS Office (Word, Excel, PowerPoint)
• Excellent organization, communication, and presentation skills with the right attitude
• Ability to multi-task
• General professional writing proficiency
• Experience in the services industry is mandatory.
• ISO 27001:2022 Certification Mandatory, CISA/CISM preferable but not mandatory.
• Having exposure on vendor & client management.
• CISO responsibilities: Experience in developing CxO level dashboards , Cybersecurity Knowledge | Leadership and Management | Risk Management | Security Strategy and Planning |Compliance and Regulations | Incident Response and Recovery | Security Architecture |Security Awareness Training |Security Technology |Security Assessment and Auditing | Vendor Management |Communication Skills | Legal and Ethical Awareness | Threat Intelligence | Crisis Management |
• Continuous Learning | Strategic Planning | Business Acumen | Interdepartmental Collaboration | Problem Solving

Eligibility:

Any Bachelor's in IT or Security or equivalent degree.