IT Risk, Security
4 days ago
Job Title: IT Risk, Security & Audit Lead
Years of Experience: 8-13 Years
Location: India, Mumbai, Andheri, Saki Naka
Job Summary:
We are seeking an experienced and detail-oriented IT Risk, Security & Audit Lead to oversee product development and deployment, ensuring compliance with security governance, risk management, audits, and certifications within our banking technology environment. The role demands expertise in cybersecurity, IT risk management, audit frameworks, and regulatory compliance (RBI, PCI-DSS, ISO, SOC2, etc.), with the ability to align technical security measures to business objectives. The ideal candidate will bring prior banking/fintech domain experience and a proven track record in managing risk frameworks, end-to-end audits, certifications, security operations, and incident response.
Key Responsibilities:
- Security Governance, Compliance & Audit
  - Define and maintain the IT risk, audit, and cybersecurity framework aligned with RBI, ISO 27001, PCI-DSS, SOC2, and other applicable standards.
  - Lead and own all audits and certifications (internal, external, ITGC, regulatory, ISO, PCI-DSS, SOC2, etc.) ensuring readiness, execution, and successful closure.
  - Ensure compliance with regulatory guidelines (RBI Master Directions, CERT-In advisories, DPDP Act, etc.)
  - Manage audit observations/findings and drive timely remediation with IT and engineering teams.
  - Oversee periodic Vulnerability Assessments and Penetration Testing (VAPT) in collaboration with internal teams and external vendors.
- Risk Management & Control
  - Identify, assess, and monitor IT & cyber risks across infrastructure, applications, APIs, and cloud environments.
  - Establish KRIs/KPIs for risk and audit reporting to management and regulators.
  - Drive remediation of identified risks and audit gaps with accountable teams.
- Security Operations & Incident Management
  - Lead SOC activities including log monitoring, threat intelligence, and anomaly detection.
  - Define and test incident response plans (data breach, ransomware, insider threat, etc.).
  - Coordinate with vendors, auditors, and regulators for timely reporting and resolution of incidents.
- Stakeholder Engagement & Advisory
  - Act as the bridge between technology teams, compliance, auditors, and business stakeholders.
  - Educate teams on secure coding practices, DevSecOps principles, and compliance requirements.
  - Present periodic security posture, risk, and audit status reports to leadership.
- Technology & Continuous Improvement
  - Oversee security tools (SIEM, DLP, WAF, IAM, Endpoint Protection, etc.) and ensure effective utilization.
  - Recommend and implement emerging cybersecurity and audit-supporting technologies.
  - Build a culture of security and audit awareness through training, phishing simulations, and periodic workshops.
Required Skills and Qualifications:
- Experience: 8+ years in IT risk management, audits, cybersecurity, or related domains; minimum 3+ years in a leadership role.
- Education: Bachelor's or Master's in Information Security, Computer Science, or Engineering.
- Technical Expertise:
  - Strong understanding of security & audit frameworks: ISO 27001, NIST, COBIT, PCI-DSS, SOC 2.
  - Hands-on experience with audit & security tools: SIEM, vulnerability scanners, GRC tools, DLP, IAM, EDR/XDR.
  - Knowledge of cloud security (AWS/Azure/GCP) and secure architecture principles.
  - Familiarity with DevSecOps, API security, and container security (Docker, Kubernetes).
- Domain Knowledge: Prior experience in banking/NBFC/fintech with strong understanding of RBI and Indian regulatory landscape.
- Soft Skills: Strong audit & risk-based decision-making, leadership, communication, and stakeholder management skills.
Preferred Qualifications:
- Certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, CEH, OSCP (any combination preferred).
- Experience with end-to-end certification processes (ISO, PCI-DSS, SOC2, etc.).
- Experience with data privacy compliance (DPDP Act, GDPR).
- Exposure to fraud detection systems, transaction monitoring, or payment security.
- Experience in vendor risk management, third-party audits, and audit remediation tracking.
- Strong knowledge of business continuity planning (BCP) and disaster recovery (DR) in BFSI.
-
Senior Security Engineer
1 week ago
Mumbai, Maharashtra, India TAC Security Full time ₹ 12,00,000 - ₹ 36,00,000 per year. Job Description: As a Security Engineer VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and...
-
Junior GRC Consultant
2 weeks ago
Navi Mumbai, Maharashtra, India Risk Quotient Full time ₹ 6,00,000 - ₹ 12,00,000 per year. About Us: Risk Quotient Consultancy Pvt. Ltd. (RQ) is a fast-growing, CERT-IN empanelled cybersecurity consulting firm with extensive experience delivering 100+ information security projects across multiple industries and global clients. Responsibilities: Assist in executing information security, cybersecurity, risk management, business continuity, and privacy...
-
Senior Security Engineer
3 weeks ago
Mumbai, Maharashtra, India, Maharashtra TAC Security Full time. Job description: As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and...
-
IT Governance and Security
1 week ago
Navi Mumbai, Maharashtra, India Kaivale It Services Full time ₹ 4,00,000 - ₹ 12,00,000 per year. Strong knowledge of IT governance frameworks (e.g., COBIT, ITIL) and information security standards (e.g., ISO 27001, NIST). Expertise in risk management, cybersecurity, and regulatory compliance. Excellent communication and interpersonal skills.
-
Analyst - Asia Security Operations Center
7 days ago
Mumbai, Maharashtra, India Jaguar Security Services Full time ₹ 1,04,000 - ₹ 1,30,878 per year. The Asia Security Operations Center (ASOC) plays a crucial role in maintaining the safety and security of an organization's premises, assets, and personnel. This position involves monitoring security systems, responding to alarms and incidents, and effectively communicating with on-site security personnel, local POCs and emergency services as necessary. ASOC...
-
Security Operations Specialist
3 days ago
Mumbai, Maharashtra, India Brennan IT Full time ₹ 5,00,000 - ₹ 10,00,000 per year. Security Operations Specialist. Why work for Brennan? At Brennan, we aim to lead, not follow. One of the ways we do this is through an open diverse culture that values performance, where anyone in the team can bring new ideas to the table and see them thrive. Our people are empowered, considerate, supportive, trusting and accepting; they are the cornerstone...
-
Risk Executive
5 days ago
Mumbai, Maharashtra, India HIRINGHOUSE TECHNOLOGIES PVT LTD Full time ₹ 6,00,000 - ₹ 12,00,000 per year. Key Focus Area. Risk Assessment: Identify and evaluate financial, operational, and strategic risks. Reporting: Prepare risk reports and dashboards for management and compliance. Compliance Monitoring: Ensure adherence to regulatory and internal risk policies. Stakeholder Collaboration: Work with business units to understand and manage risks. Roles and...
-
Risk Management Specialist/ Risk Manager
7 days ago
Mumbai, Maharashtra, India ACME SERVICES PRIVATE LIMITED Full time ₹ 15,00,000 - ₹ 25,00,000 per year. Key Responsibilities: Risk Monitoring and Analysis: Monitor gaming transactions, player activities, and financial data to identify potential risks and anomalies. Utilize advanced analytics tools and techniques to detect fraudulent or suspicious behaviour patterns. Conduct regular risk assessments and develop strategies to mitigate emerging risks specific...
-
Vendor Risk Review-Team Member IS Risk
6 days ago
Mumbai, Maharashtra, India Yes Bank Full time. Job Code; Cost Center; Job Title: Team Member Vendor Risk Review; Functional Title; Management Band: Junior Management; Business Unit: Risk Management; Division: Information Security; Department: Information Security; Location: Mumbai; Reporting to; No. of Direct Reports. SECTION II: ROLE SUMMARY. Yes Bank is a Universal Bank and its mission is to establish a high-quality, customer-centric,...
-
Risk Manager
3 days ago
Mumbai, Maharashtra, India Deutsche Bank Full time ₹ 12,00,000 - ₹ 36,00,000 per year. Job Title: Risk Manager - DWS Non-financial Risk Management, AVP. Location: Mumbai, India. Role Description. Team and Position Description. The DWS Non-financial Risk Management (NFRM) team is part of the DWS Chief Risk office within the DWS CFO division. The DWS Chief Risk office is a dedicated risk oversight and control function,...