Description

Lead the IT security risk and audit program using established frameworks to manage information systems security.

Responsibilities

  • Lead the development and implementation of IT security risk and audit strategies through business process risk assessments.
  • Perform PCI, ISO, and COBIT control reviews to ensure infrastructure complies with security policies and standards.
  • Manage the vulnerability management program and third-party risk management (TPRM) by analyzing SOC-2 reports.
  • Coordinate, track, and verify the remediation of audit findings and develop plans of action for identified risks.
  • Identify and rank the criticality of assets to estimate potential losses and implement cost-effective mitigation strategies.

Required Skills

  • 7-10 years of IT Audit experience.
  • 3 years of IT Risk Management lifecycle experience.
  • 3 years of hands-on technical experience as a developer or system administrator.
  • Working knowledge of NIST 800-30 Risk Assessment Standards.
  • Extensive experience with IT General Controls (ITGC) evaluation and design.
  • Solid understanding of PCI DSS standards.
  • Advanced skills in business process mapping, documentation, and policy development.
  • Up-to-date knowledge of the current information security threat landscape.

Preferred Skills

  • CISA certification.
  • CISSP certification.

Education

  • Bachelor's Degree in Computer Science, Information Systems, Business Administration, or other related field and/or equivalent work experience.

Salary

INR 70 - 75