IT Risk, Security

Job Title: IT Risk, Security & Audit Lead

Years of Experience: 8-13 Years

Location: India, Mumbai, Andheri, Saki Naka

Job Summary:

We are seeking an experienced and detail-oriented IT Risk, Security & Audit Lead to oversee product development and deployment, ensuring compliance with security governance, risk management, audits, and certifications within our banking technology environment. The role demands expertise in cybersecurity, IT risk management, audit frameworks, and regulatory compliance (RBI, PCI-DSS, ISO, SOC2, etc.), with the ability to align technical security measures to business objectives. The ideal candidate will bring prior banking/fintech domain experience and a proven track record in managing risk frameworks, end-to-end audits, certifications, security operations, and incident response.

Key Responsibilities:

• Security Governance, Compliance & Audit
• Define and maintain the IT risk, audit, and cybersecurity framework aligned with RBI, ISO 27001, PCI-DSS, SOC2, and other applicable standards.
• Lead and own all audits and certifications (internal, external, ITGC, regulatory, ISO, PCI-DSS, SOC2, etc.) ensuring readiness, execution, and successful closure.
• Ensure compliance with regulatory guidelines (RBI Master Directions, CERT-In advisories, DPDP Act, etc.)
• Manage audit observations/findings and drive timely remediation with IT and engineering teams.
• Oversee periodic Vulnerability Assessments and Penetration Testing (VAPT) in collaboration with internal teams and external vendors.
• Risk Management & Control
• Identify, assess, and monitor IT & cyber risks across infrastructure, applications, APIs, and cloud environments.
• Establish KRIs/KPIs for risk and audit reporting to management and regulators.
• Drive remediation of identified risks and audit gaps with accountable teams.
• Security Operations & Incident Management
• Lead SOC activities including log monitoring, threat intelligence, and anomaly detection.
• Define and test incident response plans (data breach, ransomware, insider threat, etc.).
• Coordinate with vendors, auditors, and regulators for timely reporting and resolution of incidents.
• Stakeholder Engagement & Advisory
• Act as the bridge between technology teams, compliance, auditors, and business stakeholders.
• Educate teams on secure coding practices, DevSecOps principles, and compliance requirements.
• Present periodic security posture, risk, and audit status reports to leadership.
• Technology & Continuous Improvement
• Oversee security tools (SIEM, DLP, WAF, IAM, Endpoint Protection, etc.) and ensure effective utilization.
• Recommend and implement emerging cybersecurity and audit-supporting technologies.
• Build a culture of security and audit awareness through training, phishing simulations, and periodic workshops.

Required Skills and Qualifications:

• Experience: 8+ years in IT risk management, audits, cybersecurity, or related domains; minimum 3+ years in a leadership role.
• Education: Bachelors or Masters in Information Security, Computer Science, or Engineering.
• Technical Expertise:
• Strong understanding of security & audit frameworks: ISO 27001, NIST, COBIT, PCI-DSS, SOC 2.
• Hands-on experience with audit & security tools: SIEM, vulnerability scanners, GRC tools, DLP, IAM, EDR/XDR.
• Knowledge of cloud security (AWS/Azure/GCP) and secure architecture principles.
• Familiarity with DevSecOps, API security, and container security (Docker, Kubernetes).
• Domain Knowledge: Prior experience in banking/NBFC/fintech with strong understanding of RBI and Indian regulatory landscape.
• Soft Skills: Strong audit & risk-based decision-making, leadership, communication, and stakeholder management skills.

Preferred Qualifications:

• Certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, CEH, OSCP (any combination preferred).
• Experience with end-to-end certification processes (ISO, PCI-DSS, SOC2, etc.).
• Experience with data privacy compliance (DPDP Act, GDPR).
• Exposure to fraud detection systems, transaction monitoring, or payment security.
• Experience in vendor risk management, third-party audits, and audit remediation tracking.
• Strong knowledge of business continuity planning (BCP) and disaster recovery (DR) in BFSI.Role & responsibilities