Job Description

• Own and manage IT General Controls (ITGC) framework across applications, databases, servers, network, and cloud.
• Facilitate and support RBI IT Master Direction, ISO 27001 and internal audit engagements.
• Work closely with IT, cybersecurity, and business functions to remediate audit findings and close gaps.
• Define, review, and enforce access controls, change management, backup, incident management, and logical security controls.
• Prepare and maintain audit-ready documentation and control evidence repositories.
• Drive user access reviews, privileged access governance, and policy compliance.
• Assist in the development and implementation of InfoSec policies, SOPs, and risk registers.
• Liaise with external auditors and consultants to manage assurance activities.
• Monitor compliance with third-party risk, outsourcing obligations, and vendor SLAs related to security and IT controls.
• Facilitate and oversee end-to-end vulnerability management program for all applications, underlying infrastructure and create the reports, share status with audit team, and address issues, if any
• Periodically apprise the on-information security posture of the organization, highlight challenges, risk, and improvement areas
• Manage InfoSec awareness program & Phishing simulation program for company employee in coordination with HR team.
• Perform regular compliance assessment based on define KPI & KRI.

Skills Required