Arting Digital

Lead Auditor

This job is no longer accepting applications

  • Posted 5 months ago

Job Description

Job Title: Lead Auditor - GRC

Experience: 1-2 Years

Location: Mumbai (Thane)

Work Mode: WFO

Notice Period: Immediate joiner - 15 days

Primary Skills: GRC, ITGC/ISO 27001, ISO 27701, PCI DSS, Internal Audit

Education Qualification: Any Degree

Roles and Responsibilities:

Security, Compliance, and GRC Strategy:

  • Develop and implement a comprehensive strategy for IT security, compliance, and GRC to align with organizational objectives.



  • Oversee governance frameworks, ensuring effective policies, standards, and procedures are in place to manage IT and cyber risks.

  • Deliver and report on the status of IT security audit recommendations and GRC initiatives to stakeholders.

Compliance Documentation:

  • Prepare and maintain detailed documentation to meet ITGC, ISO 27001, ISO 27701, SOC 2, PCI DSS, GDPR, NIST, and other national and international regulatory compliance requirements.

  • Ensure accurate record-keeping and reporting to support audits and regulatory filings.

Audit and Risk Management

  • Lead internal audits, conduct self-assessments, and coordinate third-party risk assessments of technology infrastructure, operational processes, and controls.

  • Perform scheduled IT compliance audits across diverse sectors, such as Banking/NBFC, Power, IT, Manufacturing, and Service industries.

  • Identify, evaluate, and mitigate IT risks by establishing robust risk management processes.

GRC Integration and Framework Mapping

  • Design and implement GRC frameworks to integrate governance, risk, and compliance initiatives into a unified program.

  • Establish mapping of various IT/Information/Cyber Security standards and frameworks to streamline compliance and risk assessment processes.

User Awareness and Training

  • Develop and execute user awareness programs and training initiatives to foster a culture of compliance and cybersecurity awareness across the organization.

Policy Development and Monitoring

  • Create, maintain, and enforce IT and information security policies in line with business objectives and regulatory requirements.

  • Monitor adherence to policies and recommend improvements to ensure ongoing effectiveness.

Continuous Improvement

  • Analyze audit findings, risk assessment results, and GRC program outcomes to identify areas for improvement.

  • Develop and implement action plans to enhance organizational resilience and compliance posture.

Required Skills:

  • Experience delivering and reporting on the status of all IT security audit recommendations.

  • Experience preparing documentation based on ITGC, ISO 27001, ISO 27701, SOC 2, PCI DSS, GDPR, NIST, and any national and international regulatory compliance requirements.

  • Has conducted self-assessments and coordinated third-party risk assessments of technology infrastructure and operational processes and controls for assigned areas.

  • Conduct scheduled, targeted IT compliance audits for the organization/clients, such as Banking/NBFC, Power, IT, Manufacturing, and Service sector.

  • Development and execution of user awareness and training programs.

  • Has established mapping of various IT/Information/Cyber Security standards and frameworks to integrated compliance and risk assessment.

Job ID: 130842159