IT Auditor - NBFC (8-15 yrs)

Job Overview:

The ideal candidate will be responsible for performing risk-based audit on the key IT applications to test controls and ensure compliance pertaining to our IT security policy and RBI recommended regulatory guidelines. The opportunity is for a leading diversified Non-Banking Financial Company (NBFC) registered with RBI, with presence across retail lending, wholesale lending, and fund-based platforms.

Qualification:

- CA/MBA/MCA with IT Audit experience of minimum 8 years.

- CISA certification is mandatory.

Experience:

- 8-13 years of experience as an IT Auditor and should have handled IT audit from financial services perspective, knowledge of RBI Guidelines, exposure to data governance, IT governance, Ops risk management.

- Clear understanding of IT audit methodologies.

- Ability to work under pressure in a fast-paced environment.

- Strong attention to detail with an analytical mind and outstanding problem-solving skills.

- Great awareness of cybersecurity trends and hacking techniques.

- Individual will be responsible for assessing our IT systems, identifying vulnerabilities, and recommending risk-mitigation strategies. IT auditor plays a crucial role in helping the organization manage IT risks, safeguard assets, and ensure compliance with relevant laws, regulations, and industry standards.

Responsible to conduct following audits:

- IT Application Audit - Access, Change, Incident management, Interface, Application Security controls, SLA and vendor agreement, capacity management.

- IT Infra & Governance Audit - Asset inventory classification control, Review Policy and procedures, implementation of policy, compliance of RBI guidelines, review resource management.

- IT Vendor Audit - Infrastructure and security control, human resource, performance, Billing, policy / guideline compliance, system access control.

- Thematic Audit.

- Cybersecurity Audits: Conduct comprehensive reviews of our network infrastructure and applications. Provide needful recommendations for upgrading the organization's data security measures.

- Technology Risk Assessment: Evaluate effectiveness of controls related to IT governance, data integrity and disaster recovery.

- Assessing requirements for information security & compliance and implement solutions in accordance with organizational security framework.

- Work closely with the other INA leaders to integrate IT audit findings into our overall risk assessment.

- Work with co-sourced partners on RBI mandated annual audits of IT and information system.

- Must keep pace with technological advancements and assess their impact on our business.

Reporting Structure: Group Head - Internal Audit

Location: Kurla, Mumbai