DESCRIPTION
- Level: L3
- Department: Technology & Digital (Information Security Team)
- Designation: Assistant Manager
- Location: Pune
- Experience: Minimum 5 years of experience
- Preferred Age: Maximum 35 years
- Qualification: B.Tech
Qualifications
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
- 5–10 years of experience in ITGC audits, cybersecurity governance, or InfoSec compliance, preferably in BFSI/NBFC/regulated sector.
- Strong knowledge of RBI IT Guidelines, ISO 27001, SOC 1/2, and ITIL processes.
- CISA / ISO 27001 Lead Auditor / CRISC
- Any exposure to cloud security (Azure, AWS) or DevSecOps will be an advantage.
- Ability to interpret and operationalize compliance and regulatory guidelines into practical IT processes.
- Strong analytical, reporting, and stakeholder engagement skills.

ROLE & RESPONSIBILITY
- Own and manage the IT General Controls (ITGC) framework across applications, databases, servers, network, and cloud.
- Facilitate and support RBI IT Master Direction, ISO 27001 and internal audit engagements.
- Work closely with IT, cybersecurity, and business functions to remediate audit findings and close gaps.
- Define, review, and enforce access controls, change management, backup, incident management, and logical security controls.
- Prepare and maintain audit-ready documentation and control evidence repositories.
- Drive user access reviews, privileged access governance, and policy compliance.
- Assist in the development and implementation of InfoSec policies, SOPs, and risk registers.
- Liaise with external auditors and consultants to manage assurance activities.
- Monitor compliance with third-party risk, outsourcing obligations, and vendor SLAs related to security and IT controls.
- Facilitate and oversee the end-to-end vulnerability management program for all applications and underlying infrastructure: create the reports, share status with the audit team, and address issues, if any.
- Periodically report on the information security posture of the organization, highlighting challenges, risks, and improvement areas.
- Manage the InfoSec awareness program and phishing simulation program for BACL employees in coordination with the HR team.
- Perform regular compliance assessments based on defined KPIs & KRIs.