11+ IT security audit Jobs in Mumbai | IT security audit Job openings in Mumbai

Position: IT Auditor

Experience: 4-12 Years

Location: Pune

Key Skills Required:

CISA, CISSP, CISM, IT Audit, Technology Audit, IT Infrastructure Audit, Application Security Audit, Information Security Audit, Cyber Security Audit, Cloud Security, Ethical Hacker

Additional key words: Vulnerability assessment, Penetration Testing, ITGC testing, Cloud Computing,

IT AUDITOR is responsible to plan and perform the audit assignment starting from audit announcement, audit planning, field work, audit quality reviews, pre-closing / closing meetings with the respective Directors / Head of the Departments including writing of the audit report and its finalization as well as follow up of the audit actions. Additionally IT AUDITOR will also be responsible to:
•    Evaluate IT systems, processes and projects in place;
•    Determine risks to the Group’s information assets, and help identify methods to minimize those risks;
•    Ensure information management processes are in compliance with IT-specific laws, policies and standards;
•    Determine inefficiencies in IT systems, IT projects and associated management processes and
•    Consult in IT projects, new initiatives and organizational frameworks.

Description

Audit Planning

1)    Perform audits at Volkswagen Group entities. and other concerned Volkswagen Group Companies with focus on IT processes keeping the associated business risks in mind.
2)    Participate in the preparation of audit objective & scope document along with audit schedule based on the audit objective and timeline specified by Head of IT Audit India Hub.
3)    Participate in the preparation of work program

Audit Process

1)     Prepare and conduct preparatory interviews with the Directors and Heads of the audited departments to identify the processes to be assessed during the audit.
2)     Request and collect relevant audit data for analysis from respective business areas.
3)     Prepare audit matrix on periodic basis to record the audit field work and update the progress of the audit to IT Audit Manager and the Head of IT Audit Hub India.
4)    Define actions including relevant controls to mitigate the business risks identified based on the evidences provided during the audit.
5)    Organize and conduct pre-closing meetings with business areas to agree upon audit observations and relevant actions.
6)    Prepare and conduct closing meetings with the Directors / Heads of the Department for audited division to agree upon the audit observations, risks and proposed actions.
7)    Prepare the draft audit report and submit the same to the  IT Audit Manager and the Head of IT Audit India Hub for review.
8)    Ensure that adequate documentation is prepared for the audit assignment. Peer review changes are done before release of the final audit report to the business area.
9)    Contact business area to review the progress of the implementation of audit actions defined in the final audit report. Based on the review, write the status of the follow up and submit the same for upload in RIAS.
10)    Obtain necessary certifications / qualifications to support the job requirements by attending relevant trainings
11)    Support the conduction of unscheduled audits/special investigations and audits from the anti-corruption system.
12)    Relevant knowledge is shared among the team members.
13)    Consult in IT projects, new initiatives and organizational frameworks.
14)    Ensure information management processes are in compliance with IT-specific laws, policies and standards.
15)    Determine risks to the Group’s information assets, and help identify methods to minimize those risks.
16)    Evaluate IT systems, processes and projects in place.
17)    Determine inefficiencies in IT systems, IT projects and associated management processes.

What will you do every day?

As a Security & Compliance Specialist, you are responsible for helping the implementation of the organization's information security and compliance programs. You will also help in implementing and reviewing data protection and privacy controls through technical, operational, and administrative measures. The ideal candidate will have good experience in Security in SaaS products, a deep understanding of regulatory requirements, and a proactive approach to managing security threats and third-party risks; someone who enjoys security work and possesses both deep and wide expertise in the security space.

Job Responsibilities

• Develop and Implement Security & Privacy Policies (Primary | Must have)
• Create and maintain comprehensive security policies and procedures for cloud environments and application security that align with organizational goals and regulatory requirements
• Ensure policies are regularly updated and communicated to relevant stakeholders; should be an SME for Enterprise Security and Privacy related activities
• Third-Party Risk Management (Primary | Must have)
• Handle the third-party risk management activities (TPRM) covering both inbound and outbound assessments (through the Customer & Vendor lifecycles)
• Collaborate with procurement and legal teams to ensure third-party contracts include appropriate security and compliance requirements (this includes reviews of MSA, Bids, RFP’s)
• Compliance Oversight (Primary | Must have)
• Ensure the organization’s compliance with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001, ISO 27701, DPDP, SOC 2); should be an SME for compliance
• Implementation of minimum 3 standards from GDPR, HIPAA, ISO 27001, ISO 27701, DPDP, SOC 2
• Lead internal and external audits and manage responses to audit findings
• Product Security Practices (Primary | Must have)
• Integrate security practices into the software development lifecycle (SDLC) and review the releases based on the established Secure SDLC processes
• Review the Products from time to time checking the availability of enterprise security features
• Cloud & Infra Security (Secondary | Good to have)
• Implement, review and maintain robust security controls for cloud platforms (AWS/Azure/GCP) as per the industry best practices (DevSecOps)
• Perform security assessments/reviews and VA scans (non-mandatory) on cloud infra.
• Cybersecurity (Secondary | Good to have)
• Knowledge on Cyber Attack Vectors, Cyber Threat Intelligence, Attack Surface Mgmt., etc.
• Adequate knowledge on Incident Response, Business Resilience and Risk Management

Other responsibilities

• To act as a Security & Privacy champion/catalyst for all functions/BUs within the Company
• This role needs an avert-risk mindset and should handle Incident Management (able to Identify, Analyze, and Resolve Security Incidents)
• Contribute to the Cloud & CyberSecurity roadmap and act as an internal advisory/consultant
• Training entire staff about security and privacy best practices whenever necessary

Experience & Other Requirements

• Degree/Diploma in Computer Science / Information Technology / Cybersecurity or equivalent
• 3+ years (3-7) of experience in information security, with a focus on compliance
• Proven track record in implementing security and compliance policies & controls in a Product based Product company (preferably in a SaaS-based company)
• At least 3 years of working and implementation knowledge for any three of the compliances (ISO 27001, 27701, GDPR, HIPAA, SOC 2, DPDP)
• Good to have working knowledge of Cloud security practices & involved in DevSecOps activities
• Good research mindset with a zeal to explore, learn, share, and implement
• Preferable who can join in 30 days

About the brand:

Think9 is a brand co-creation platform that transforms powerful ideas into authentic, profitable, and experience-led brands that can define the future of brands in key consumption categories like fashion and lifestyle; food and FMCG, home and decor and beauty and wellness. We are a team of experienced entrepreneurs, marquee investors, and industry professionals who have expertise and experience in building some of the most popular brands in the country. We partner with passionate entrepreneurs to combine our collective learning and experience with data science, digital ethnography, and technology platforms to build brands that connect to the new generation of Indian consumers.

What you’ll be doing?

• Working knowledge of Shopify platform, as well as exposure to application development and the use of storefront APIs to extend Shopify functionality.

• Strong knowledge of liquid programming language and experience in development and application of custom/bespoke Shopify theme and modify  the pre-existing template(s)

• Collaborating with the UX and UI design teams to produce seamless, robust, and responsive frontend user experiences

• Manage multiple projects simultaneously, and be able to address their specific needs and  requirements at a moment's notice

• Understand business needs that drive project features & functions and provide internal consultation

• Proficiency in and understanding of best practices for HTML5, CSS, JavaScript/jQuery

• Have experience in migrating the e-commerce ecosystem in Shopify, Integrating third-party systems and Shopify supported apps

• Strong understanding of the e-commerce principles and the associated technology/tools

• Comfortable using version control systems (Bitbucket/GitHub)

• The ability to use Shopify Plus features including scripts and flow to best utilize the front and backend capabilities of the Shopify platform in building, launching and maintaining Shopify web-stores

• Strong skills in MySQL, CSS, HTML5, jQuery, JavaScript, Web Services

• Knowledge of additional platforms will be a plus

• Strong Object-Oriented Programming concepts

What you’ll bring?

• Education: Bachelor's Degree in IT, Computer Science, Computer Programming, or a similar field

• 3-5 years of experience developing within the Shopify 

• 3-5 years of experience in front-end technologies including, but not limited to, JavaScript, AJAX,HTML, CSS, SASS, XML

• Strong hands-on experience in daily eComm execution and process optimization

• Interest in staying current and applying the most current best practices

• Able to work effectively in a fluid, fast-paced environment.

● Handle calls on leads generated for skin related services on our digital platforms. ● The initial call will be primarily a sales pitch followed by issue resolutions and query handling. ● Describe the services and USPs of the same and try to generate maximum conversions. Continuous follow ups with Potential clients ● Handle skin specific queries pertaining to our services. Overall Problem solving for patients and coordination as necessary. Handle any operations related activities that may be required. ● Tabulate and record responses from all channels on excel. Generate relevant reports from the same. ● Schedule appointments for clients and coordinate with the required therapist who shall visit the client ● Analyze quality of calls and strive for improvement.