Internal Auditor – Information Security

About the Company

Easebuzz is a payment solutions (fintech) company that enables online merchants to accept, process, and disburse payments through developer-friendly APIs. We are focused on building plug-and-play products—including payment infrastructure—to solve end-to-end business challenges across sectors.

We're at the center of all things fintech: payments, lending, subscriptions, eKYC—you name it. Easebuzz is where innovation meets execution.

We have been consistently profitable and continue to scale rapidly, having grown 4x in the past year alone. Backed by a strong product roadmap and execution, we recently closed a fresh funding round of $30 million in 2025, led by leading VC firms and strategic investors. This comes in addition to our earlier $4 million fundraise in March 2021.

Easebuzz has been granted Full Authorization from the Reserve Bank of India (RBI) for payment aggregator license in 2025.

Our corporate culture is built on openness, ownership, and collaboration. We are an equal opportunity employer and celebrate diversity across all levels. At Easebuzz, you'll find yourself working with passionate colleagues who are committed to growing together.

Headquartered in Pune, we also have a presence in Delhi, Mumbai, Kolkata, Bengaluru, and Gurugram.

Job Summary:

We are seeking an experienced Internal Auditor with expertise in regulatory compliance and information security frameworks. The role involves conducting audits, assessments, and reviews of internal processes and controls to ensure adherence to RBI System Audit Report (SAR) , ISO 27001, SOC 2, PCI-DSS, and other industry standards. The ideal candidate will also lead enterprise-wide risk assessments and provide insights to strengthen business processes and internal control systems.

Key Responsibilities:

Audit & Compliance:

• Plan, execute, and report on internal audits across business functions, with emphasis on IT and security controls.
• Ensure compliance with regulatory guidelines such as RBI SAR, including early identification of risks, gaps, and non-compliance areas.
• Conduct audits aligned with ISO 27001, SOC 2, and PCI-DSS requirements.
• Liaise with external auditors and certification bodies to support third-party assessments and certifications.

Risk Assessment:

• Lead and coordinate enterprise risk assessments, identifying risks, evaluating their impact, and recommending mitigations.
• Maintain and update risk registers in line with industry best practices.
• Conduct regular risk reviews of business units and IT systems.

Business Process Analysis:

• Analyze end-to-end business processes to identify inefficiencies, control gaps, or compliance risks.
• Map processes and recommend improvements that align with control and compliance objectives.
• Evaluate process documentation and support business process reengineering initiatives.

Internal Control Design & Review:

• Design, evaluate, and enhance internal control frameworks across business and IT operations.
• Provide recommendations for control improvements to strengthen governance, risk management, and compliance.
• Perform control testing and effectiveness reviews for operational, financial, and IT controls.

Reporting & Communication:

• Prepare detailed audit reports and present findings to senior management.
• Track audit recommendations, ensure timely implementation of corrective actions, and monitor residual risks.
• Maintain professional communication with stakeholders to ensure transparency and buy-in.

Qualifications & Skills:

Education:

• Bachelor's/Master's degree in Accounting, Finance, Information Systems, or related field.
• CA, CIA, CISA, CISM, or equivalent certifications preferred.

Experience:

• 3–5 years of experience in internal auditing, risk management, or compliance.
• Hands-on experience with RBI guidelines, especially SAR, ISO 27001, SOC 2, and PCI-DSS audits.
• Experience in business process mapping, control testing, and risk assessments.

Skills:

• Strong analytical and critical thinking skills.
• Excellent understanding of regulatory compliance, information security, and internal controls.
• Proficiency in using GRC tools, audit software, and Microsoft Office Suite.
• Strong written and verbal communication skills.

Preferred Attributes:

• Experience in BFSI or fintech industries.
• Familiarity with RBI's IT risk guidelines, DPDP Act, and other Indian regulatory frameworks.
• Ability to manage multiple audits and projects in a fast-paced environment.