Davies

Internal Auditor

5-7 Years
Job Description

Department: Risk and Compliance

Location: Pune

Description

  • We are seeking an experienced Internal Auditor to support the business in achieving its objectives by conducting audits of our Global Information Security Management System (ISMS).
  • Reporting to the Group Security Audit & Assurance Manager, this role is responsible for performing technology, information security, cybersecurity, and compliance audits to assess the effectiveness of our ISO 27001 controls.
  • To be successful in this role, candidates must demonstrate excellent communication skills, hold ISO 27001 Lead Auditor certification, and possess strong documentation capabilities.
  • The ability to clearly articulate technical concepts to both technical and non-technical stakeholders across the organisation is essential.
  • Familiarity with additional industry standards, such as Cyber Essentials, Cyber Essentials Plus, PCI DSS, NYDFS 23 NYCRR 500, ISO 42001, CSA, and SOC 2, is highly advantageous.
  • We are looking for individuals with strong interpersonal skills who can build effective working relationships at all levels.
  • The ideal candidate is a collaborative team player: flexible, approachable, and capable of managing multiple workstreams while meeting deadlines and maintaining excellent stakeholder engagement.
  • This is a full-time, office-based position located in Pune. Hybrid working arrangements may be considered following successful completion of the probation period.

Key Responsibilities

  • Conduct technology, information security, cybersecurity, and compliance audits to assess the design, efficiency, and effectiveness of internal security controls.
  • Lead remediation discussions with stakeholders, ensuring clear guidance and timely resolution of audit findings.
  • Develop audit plans, including scope and objectives, and ensure audit assignments are completed accurately and within agreed timelines.
  • Engage and collaborate with key internal stakeholders, maintaining professionalism to ensure successful delivery of audit engagements.
  • Perform remote auditing activities, including assessments of physical security controls.
  • Serve as an escalation point for internal audit queries, providing clarity and expert guidance.
  • Produce high-quality audit documentation, reports, and supporting evidence.
  • Prepare and deliver monthly KPI/KRI reporting.
  • Support the coordination and delivery of global ISO 27001 external audits.
  • Share best practices and contribute to the promotion of innovation across the security function.
  • Foster a culture of continual improvement across all aspects of security.
  • Demonstrate the company's core values: We are Dynamic, We are Innovative, We are Connected, and We Succeed Together.
  • Perform additional duties as required to support the wider Information Assurance team.

Skills, Knowledge & Expertise

Experience

  • Minimum of five years' hands-on experience in an information security audit, risk management, or related assurance role.
  • Proven experience auditing against established information security and cyber risk frameworks, including ISO 27001, NIST CSF, and CIS Controls.
  • Practical experience reviewing and assessing information security risk management processes, including risk assessments, control effectiveness, and related reporting.
  • Demonstrated capability in drafting and maintaining audit documentation such as audit schedules, planning materials, policies, procedures, and reports that align with recognised security frameworks and regulatory requirements.
  • Skilled in preparing and delivering clear, concise, and stakeholder-specific audit reports.
  • Experience in a third-line governance, compliance, or risk assurance function within a large or complex organisation is desirable.
  • Experience working within regulated industries is advantageous.
Education
  • Bachelor's degree or higher in Information Security, Computer Science, or a related discipline.
Knowledge
  • Strong understanding and practical experience with ISO/IEC 27001:2022, including both audit and implementation activities (implementation is advantageous).
  • Solid knowledge of ISO 31000: Risk Management Guidelines.
  • Working knowledge of key cybersecurity frameworks such as the NIST Cybersecurity Framework (CSF) and CIS Controls.
  • Familiarity with security governance and compliance practices, including the development and interpretation of policies, standards, and procedures.
  • Good understanding of IT infrastructure, cloud services, business applications, and third-party supplier risk management.
  • Proficient in risk assessment methodologies, including risk identification, analysis, evaluation, and mitigation strategies.
  • Strong understanding of security incident response processes, including escalation, investigation, and reporting.
  • Awareness of relevant regulatory and legal requirements, including:
      • GDPR
      • UK Data Protection Act
      • EU AI Act
      • India Digital Personal Data Protection Act (DPDPA)
Skills
  • Exceptional attention to detail, with strong analytical, reporting, and communication capabilities.
  • Clear and confident communicator, able to translate complex security concepts into language suitable for both technical and non-technical audiences.
  • Strong stakeholder management skills with a focus on delivering an excellent customer experience.
  • Proactive, self-motivated problem solver with the ability to work independently and take initiative.
  • Flexible, approachable, and effective in collaborative, fast-paced environments.
  • Results-driven and commercially aware, with the ability to align security activities to business objectives.
Ability
  • Ability to perform information security internal audits and produce clear, accurate, and well-structured audit findings.
  • Collaborative team player, comfortable working alongside cross-functional teams including departments such as IT, Legal, HR, Risk, and Operations.
  • Capable of leading small-scale initiatives and contributing to continual improvement across security and risk audit activities.
  • Quick learner with a strong growth mindset, adaptable, and able to adjust effectively to changing priorities.
  • Strong understanding and practical experience with key information security and cyber risk frameworks, including ISO 27001, ISO 31000, NIST RMF/CSF, and CIS Controls.
  • Proven experience in conducting audits focused on information security and risk management.
  • Excellent English communication skills, both written and verbal, with the ability to convey complex information clearly and effectively.
  • Relevant professional certification, including:
      • ISO/IEC 27001:2022 Lead Auditor
  • A confident, collaborative team player who enjoys audit work and thrives in an environment that focuses on solutions rather than problems.
Desirable:
  • CISA (Certified Information Systems Auditor)
  • ISO/IEC 27001:2022 Lead Implementer
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)

Job ID: 144016173