Location Name: Pune Corporate Office - Mantri
Job Purpose
- Conduct periodic assurance assessments of core IT Security platforms, including:
o Endpoint Security / EDR
o Network Security (NGFW, WAF, IDS/IPS)
o Identity & Access Management (IAM, PAM)
o Data Security & DLP
o Vulnerability Management & Patch Management
o Cloud Security Posture Management (CSPM)
- Validate design effectiveness and operating effectiveness of security controls.
- Identify control gaps, design weaknesses, and residual risks in deployed platforms.
- Ensure platform controls are aligned with:
o RBI Master Direction on IT Governance, Risk, Controls & Assurance (2023)
o ISO/IEC 27001
o NIST CSF / NIST SP 800 series
- Review Methodology & Risk Assessment
o Define and execute a risk-based review methodology for IT Security platforms.
o Perform:
   - Control maturity assessments
   - Configuration and governance reviews (not day-to-day ops)
   - Exception and deviation analysis
o Rate findings based on impact, likelihood, and regulatory criticality.
o Track remediation effectiveness and closure evidence.
- Governance, Reporting & Metrics
o Prepare assurance dashboards and management reports, including:
   - Control coverage status
   - Open / overdue security observations
   - Recurring audit findings
   - Platform assurance risk heatmaps
o Present assurance outcomes to:
   - IT Leadership
   - CISO / CIO office
   - Risk & Compliance forums
o Contribute to continuous improvement of IT Security governance framework.
Duties And Responsibilities
A- To conduct periodic assurance assessments of core IT Security platforms
B- Ensure platform controls are aligned with regulatory requirements
Major Challenges
- To identify all compliance requirements
- Ensure platform controls are aligned with regulatory requirements
Required Qualifications And Experience
- Qualifications
o Engineering / Computer Graduate with 10–14 years of total experience
o 5+ years in IT Security Assessment, Assurance, Risk, or Audit roles
o Prior experience in regulated BFSI environments strongly preferred
o Relevant certifications like CISA / ISO 27001 LA
- Work Experience
o Strong experience in IT Security Assurance / IT Risk / GRC / IS Audit
o Deep understanding of security platforms: EDR, IAM/PAM, VM, Network Security, Cloud Security
o Proven experience handling RBI / REBIT / ISO audits
o Strong control assessment and documentation skills
o Excellent analytical, reporting, and stakeholder communication skills
- Good to Have
o Exposure to Upper Tier NBFC / Banking / Financial Services
o Familiarity with ServiceNow GRC / IRM
o Understanding of cloud security (Azure/AWS/GCP)
o Governance practices across Datacenter, Cloud, Servers, Endpoints, Security Technologies, Application & Database
o Good written and verbal communication with presentation skills
o Good team player and sound in stakeholder management