Senior Information Security Auditor

We are looking for an experienced Information Security Auditor/Senior Auditor /Lead Auditor to join our client's team. The ideal candidate will have a strong background in information security operations, auditing, and cybersecurity practices, with hands-on experience across banking technologies and security domains. Note : Candidates with experience working in Banks/consultant experience in reputed firms along with experience in security operations as part of overall career would be preferred. Education : Graduate in Computer Science/IT, B.E/B.Tech, or BCA/MCA. Key Responsibilities : - Conduct audits of information security policies, procedures, and processes to identify design gaps and process vulnerabilities. Perform audits in key banking technology domains, including : - Application Security (Mobile app assessments, OWASP practices, VA/PT, AppSec, SDLC, source code reviews). - Database Security (Oracle, MS SQL, database activity monitoring, and data localization). - Payment Systems Security (SWIFT, UPI, IMPS, Internet Banking, PCI DSS compliance, ATM endpoint security). - Network Security (Firewalls, DLP, WAF, incident response, VA/PT for networks). - IT General Controls (IAM, change management, backup, restoration, and BCP/DR architecture). - Conduct risk assessments across cybersecurity domains, ensuring compliance with ISO standards and regulatory guidelines in the banking sector. - Develop audit plans, document findings, prepare comprehensive reports, and present recommendations to stakeholders. - Stay updated on emerging technologies like cloud security, virtualization, AI/ML, and IoT, and incorporate them into audits and recommendations. - Collaborate with teams to maintain audit checklists, conduct trend analysis, and create presentations. - Travel extensively within Mumbai and across India to perform audits. Qualifications & Experience : - 4-8 years of experience in information security operations and system audits, preferably in Banking/Finance/Payments domains. - Expertise in cybersecurity practices, including Application Security, Database Security, Network Security, SOC, and IT General Controls. - Hands-on experience in PCI DSS implementation, mobile app security, VA/PT, and cloud security audits. - Experience in writing and auditing information security policies, procedures, and processes. - Familiarity with ISO 27001 standards and regulatory guidelines in the banking sector. - Strong technical skills in firewalls, DLP, WAF, encryption, and incident response. Certifications (Preferred) : Mandatory : CISA, CISM, CISSP, CEH, or CRISC. Additional (as applicable) : - Application Security : MCSD, Mobile App Security Testing, Java Certifications, API Security. - Database Security : MCDBA, Oracle Database, Big Data/Analytics. - Network Security : CCNA, Firewall Administration. - Payments Security : Certifications in ATM Security, Cards/Payments Security. - Cloud Security : CCSK, CCSP. (ref:hirist.tech)

Location: navi-mumbai, IN

Posted Date: 1/9/2025