Senior Manager - Infosec Audit

7 - 12 years

15.0 - 25.0 Lacs P.A.

Gurgaon

Posted: 2 months ago | Platform: Naukri


Skills Required

Risk Assessment, ITGC, Risk Assessments

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Summary:

We are seeking a skilled Information Security Lead Auditor with a strong background in internal and external audits, third-party vendor risk assessments, and compliance with security standards such as ISO 27001, PCI DSS, and ITGC and regulatory frameworks such as RBI, UIDAI, CERT-IN, DPSC, IRDAI. The ideal candidate will lead audit activities, conduct comprehensive risk assessments of third-party vendors, and ensure the company's systems are aligned with regulatory requirements. The role requires an analytical mind to identify gaps in controls, assess vulnerabilities, and recommend actions to improve the security posture.

Key Responsibilities:

Internal & External Audits:
Lead and conduct internal information security audits and assessments to ensure compliance with ISO 27001, PCI DSS, ITGC, and other relevant security frameworks.
Support external audit processes, including preparation for audits, liaison with auditors, and addressing findings to achieve timely closure of non-compliances.
Prepare clear, concise audit reports that summarize findings, assessments, and risk mitigation recommendations.

Third-Party Vendor Risk Assessments:
Conduct thorough third-party vendor risk assessments to evaluate the security posture, compliance, and operational risks associated with external vendors.
Collaborate with procurement and vendor management teams to assess vendors' adherence to security standards (e.g., ISO 27001, PCI DSS, SOC reports).

Compliance & Risk Management:
Ensure compliance with industry regulations (ISO 27001, PCI DSS, ITGC, GDPR, SOC, etc.) by conducting routine assessments and audits of internal processes, systems, and third-party vendors.
Track audit findings and work with stakeholders to ensure timely remediation of identified issues.

Collaboration & Stakeholder Engagement:
Work closely with IT, Product, legal, HT and admin teams to ensure audits and risk assessments are thorough, accurate, and aligned with the organization’s goals.
Act as a trusted advisor to management on security-related issues, helping to strengthen the organization’s overall risk management strategy.

Soft Skills:
Excellent communication skills, both written and verbal, with the ability to present audit findings and recommendations to both technical and non-technical audiences.
Strong analytical and problem-solving abilities.
Highly organized with the ability to manage multiple projects and deadlines.
Strong attention to detail and a proactive approach to identifying potential risks.
