Job Title: IT Risk & Security – Associate
Years of Experience: 4 – 6 Years
Location: India, Mumbai, Andheri, Saki Naka
 
Job Summary:

We are seeking a detail-oriented Associate – IT Risk, Security & Audit to support product development and deployment by assisting in compliance, security governance, risk management, audits, and certifications within our banking technology environment. The role involves supporting audits, managing risk assessments, monitoring security operations, and ensuring compliance with RBI and global frameworks (ISO 27001, PCI-DSS, SOC2, etc.). The ideal candidate will have prior experience in BFSI/fintech environments and a solid foundation in IT risk, security controls, and audit processes.
 
Key Responsibilities:

  • Audit, Governance & Compliance
      • Assist in planning, coordinating, and executing internal and external audits (ITGC, ISO, SOC2, PCI-DSS, RBI regulatory audits).
      • Maintain audit documentation, evidence, and support certification processes under the guidance of the Lead.
      • Track audit observations, prepare status reports, and ensure timely closure with IT/engineering teams.
      • Support compliance with RBI guidelines, CERT-In advisories, DPDP Act, and other regulatory requirements.

  • Risk Management & Control
      • Participate in IT & cyber risk assessments; document risks and track remediation progress.
      • Maintain IT risk registers, KRIs, and compliance checklists.
      • Assist in preparing risk/audit reports for management and regulators.

  • Security Operations & Incident Support
      • Monitor alerts from SOC tools (SIEM, DLP, IAM, Endpoint Protection) and escalate as required.
      • Support periodic Vulnerability Assessments and Penetration Testing (VAPT) and follow up on remediation.
      • Log and track incidents, participate in incident response simulations, and assist in BCP/DR drills.

  • Governance & Awareness
      • Maintain and update security policies, SOPs, and compliance documents.
      • Conduct or coordinate periodic security awareness and phishing simulation exercises.
      • Assist in preparing MIS reports on risk, security posture, and audit readiness.

Required Skills and Qualifications:

  • Experience: 4–6 years in IT risk management, security operations, or audit/compliance.
  • Education: Bachelor's in Information Security, Computer Science, IT, or a related field.
  • Technical Knowledge:
      • Familiarity with ISO 27001, PCI-DSS, SOC2, and ITGC audits.
      • Hands-on exposure to security tools (SIEM, vulnerability scanners, IAM, DLP, endpoint protection).
      • Understanding of cloud security basics (AWS/Azure/GCP).
      • Awareness of DevSecOps, API security, and container security concepts.
  • Soft Skills: Strong documentation, analytical, and communication skills. Ability to coordinate with multiple teams and manage follow-ups.

Preferred Qualifications:
  • Certifications: ISO 27001 Internal Auditor, CompTIA Security+, CISA (foundation level), or CEH.
  • Prior BFSI/fintech experience with exposure to RBI compliance and audit cycles.
  • Experience with GRC tools or audit management systems.
  • Basic scripting knowledge (Python, PowerShell, or Shell scripting) for automating reporting (nice to have).