Senior Information Security Auditor (4-8 yrs)

We are looking for an experienced Information Security Auditor/Senior Auditor /Lead Auditor to join our client's team.

The ideal candidate will have a strong background in information security operations, auditing, and cybersecurity practices, with hands-on experience across banking technologies and security domains.

Note : Candidates with experience working in Banks/consultant experience in reputed firms along with experience in security operations as part of overall career would be preferred.

Education : Graduate in Computer Science/IT, B.E/B.Tech, or BCA/MCA.

Key Responsibilities :

- Conduct audits of information security policies, procedures, and processes to identify design gaps and process vulnerabilities.

Perform audits in key banking technology domains, including :

- Application Security (Mobile app assessments, OWASP practices, VA/PT, AppSec, SDLC, source code reviews).

- Database Security (Oracle, MS SQL, database activity monitoring, and data localization).

- Payment Systems Security (SWIFT, UPI, IMPS, Internet Banking, PCI DSS compliance, ATM endpoint security).

- Network Security (Firewalls, DLP, WAF, incident response, VA/PT for networks).

- IT General Controls (IAM, change management, backup, restoration, and BCP/DR architecture).

- Conduct risk assessments across cybersecurity domains, ensuring compliance with ISO standards and regulatory guidelines in the banking sector.

- Develop audit plans, document findings, prepare comprehensive reports, and present recommendations to stakeholders.

- Stay updated on emerging technologies like cloud security, virtualization, AI/ML, and IoT, and incorporate them into audits and recommendations.

- Collaborate with teams to maintain audit checklists, conduct trend analysis, and create presentations.

- Travel extensively within Mumbai and across India to perform audits.

Qualifications & Experience :

- 4-8 years of experience in information security operations and system audits, preferably in Banking/Finance/Payments domains.

- Expertise in cybersecurity practices, including Application Security, Database Security, Network Security, SOC, and IT General Controls.

- Hands-on experience in PCI DSS implementation, mobile app security, VA/PT, and cloud security audits.

- Experience in writing and auditing information security policies, procedures, and processes.

- Familiarity with ISO 27001 standards and regulatory guidelines in the banking sector.

- Strong technical skills in firewalls, DLP, WAF, encryption, and incident response.

Certifications (Preferred) :

Mandatory : CISA, CISM, CISSP, CEH, or CRISC.

Additional (as applicable) :

- Application Security : MCSD, Mobile App Security Testing, Java Certifications, API Security.

- Database Security : MCDBA, Oracle Database, Big Data/Analytics.

- Network Security : CCNA, Firewall Administration.

- Payments Security : Certifications in ATM Security, Cards/Payments Security.

- Cloud Security : CCSK, CCSP.