Senior Lead - Internal Auditor - IT & Cyber Security - FinTech/BFSI (8-10 yrs)

JD for Lead Infosec Auditor Core:

- Implementing industry recommended Data Security practices in domains such as IT Risk and Security Governance, Security Awareness, Privacy and Data Protection, Cloud Security, Business Continuity, application security, Product security etc.

- Define and maintain broad range Data Security Product and Capability Governance framework, by maintaining a broad understanding of infra products and their use.

- Scope, implement, and maintain compliance frameworks that caters to successfully passing relevant audits.

- Design of best fit, products-specific security controls to ensure contextualized data security controls.

- This incorporated different facets of architecture e.Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations.

- Coordinating & executing proactive information security consulting to business & cross functional technology teams covering Infrastructure Security, Resiliency, Data Security, Data Privacy, Network Architecture & Design, & User Access Management.

Vulnerability assessment, diagnosis, and resolution:

- Conduct security assessment of infrastructure end to end i.e from design to implementation and suggest improvement for enhanced security posture in line with business requirements.

- Identify security gaps and suggest mitigating controls to minimize the associated risk to an acceptable level.

- Implement, manage, and maintain information security and compliance in-line with formulated project plans / strategic and tactical alignment of resources.

- Driving cloud security risk assessment and identify the gaps and define remediation approach by using right set of security controls to conclude the assessment.

- Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including enterprise software solutions, cloud applications and mobile apps.

- Identify and recommend changes to the security controls, assessing potential risks to data and systems, and provide recommendations on mitigation of these risks to acceptable levels and show ownership in following through implementation.

Audits:

- Scope and implement compliance frameworks like ISO 27001, SOC 2, PCI DSS, NIST Cyber Security Framework (CSF) from scratch.

- Lead security audits in-line with industry accepted standards like PCI DSS, SOC2 Type2, ISO 27001, regulatory audits, Business continuity (ISO 22301).

- Drives Strategic Product security efforts with architecture teams to ensure that all newly developed and legacy applications and infrastructure implementations are in line with security policy and are compliance to the required frameworks.