Job Description: Cybersecurity Auditor (GRC Focus)Job Title: Cybersecurity Auditor / GRC SpecialistExperience Level: Mid-Level (3+ Years)Location: Pune/MumbaiEmployment Type: Full-timeRole SummaryWe are seeking a detail-orientated and analytical Cybersecurity Auditor to join our Governance, Risk, and Compliance (GRC) team. The ideal candidate has a minimum of 3 years of hands-on experience in information security auditing. You will be responsible for ensuring our organisation (and/or clients) maintains robust security standards, specifically focusing on ISO 27001 certification, SOC 2 attestation, and adherence to CERT-In (Indian Computer Emergency Response Team) guidelines.Key Responsibilities1. Compliance & Audit Management (ISO 27001 & SOC 2)- Plan and execute internal audits against ISO 27001:2022 standards and SOC 2 Trust Services Criteria (TSC) (Security, Availability, Confidentiality, Processing Integrity, and Privacy). - Conduct gap assessments to identify non-conformities and work with IT/Engineering teams to implement remediation plans. - Manage the evidence collection process for external audits and serve as a point of contact for external auditors. - Maintain the Information Security Management System (ISMS) documentation, including policies, procedures, and risk registers.2. Regulatory Compliance (CERT-In)- Ensure organisational compliance with CERT-In directions, specifically regarding cyber incident reporting timelines (6-hour rule), log retention (180 days), and subscriber data handling. - Monitor and update internal protocols based on the latest advisories and vulnerabilities published by CERT-In. - Assist in the preparation of root cause analysis (RCA) reports for any security incidents as required by regulatory bodies.3. GRC & Risk Management- Conduct periodic Risk Assessments (RA) and Data Protection Impact Assessments (DPIA). - Monitor third-party vendor risk by reviewing their security posture and compliance (TPRM). - Track and report on key GRC metrics and Key Performance Indicators (KPIs) to senior management.Required Qualifications & SkillsEducation & Experience:- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. - Minimum of 3 years of proven experience in IT Audit, GRC, or Information Security compliance.Technical Competencies:- Deep knowledge of ISO 27001 (Lead Implementer or Auditor knowledge preferred). - Hands-on experience with SOC 2 Type I and Type II preparation and auditing. - Familiarity with CERT-In cyber security directions, DPDPA 2023 and the IT Act, 2000 (India). - Understanding of IT infrastructure (cloud security, firewalls, endpoint security) to effectively audit technical controls.Certifications (Preferred but not mandatory):- CISA (Certified Information Systems Auditor) - ISO 27001 Lead Auditor / Lead Implementer - CompTIA Security+ or CRISCSoft Skills:- Strong documentation and technical writing skills. - Ability to communicate complex compliance requirements to non-technical stakeholders. - Analytical mindset with high attention to detail.
Job Title
Cybersecurity Auditor - GRC