
Title: Information Security Auditor
Experience: 5 to 7 Years
Location: Bengaluru
Role Scope & Responsibilities
You will independently handle ISO 27001 / SOC 2 / PCI audit activities, including:
- Internal audits
- Evidence review and walkthroughs
- Risk assessments and remediation tracking
You will work closely with engineering, IT, and business teams to close audit findings.
You will support external auditors and ensure audit readiness.
Ownership & Accountability
You are expected to own audit deliverables end-to-end, not just support them.
This includes:
- Driving timelines
- Following up on open risks
- Clearly explaining control gaps and remediation expectations
You should be comfortable communicating directly with stakeholders and clarifying requirements.
Technical & Security Understanding
You should have a working understanding of security controls, such as:
- Access management
- Logging and monitoring
- Vulnerability management
- Cloud and application security basics
You are not expected to be a security engineer, but you should understand why controls exist and what risk they mitigate.
Growth Expectations (Important)
Over time, you will be expected to:
- Move from checklist-based compliance to risk-based decision-making
- Provide input on security improvements, not just audit findings
- Gradually take ownership of larger or more complex audits
Job ID: 140877949