2,546 Security Audit jobs in India

ROLE SUMMARY

The National Head of Information Security, Audit, and Compliance is responsible for organization’s information security governance, risk management, and compliance frameworks are robust, aligned with regulatory requirements, and continuously improved to mitigate risks and enhance security controls. The role will be responsible for overseeing and leading the organization's information security audit and compliance functions across all business units and regions.

The Head will be responsible for developing and executing a strategic audit plan for information security, ensuring adherence to industry standards (such as RBI and other relevant guidelines), and managing a team of skilled auditors. Additionally, the role involves driving operational governance related to information security and audit functions, enabling improvements in efficiency through robust compliance frameworks, and fostering a culture of security awareness and innovation within the team. The Head will focus on enhancing the skills and capabilities of the information security team while creating an environment that promotes high performance.

KEY RESPONSIBILITIES

Strategic Direction

• Develop and implement a comprehensive information security audit strategy aligned with the organization’s business objectives, risk appetite, and regulatory requirements
• Ensure the development and execution of the audit framework, annual audit plan/calendar, prioritizing audits based on risk assessments and business impact.

Risk & Compliance

• Review and ensure that information security governance frameworks and policies are well-defined, communicated, and adhered to across MFL.
• Oversee and ensure compliance with regulatory requirements, such as RBI guidelines, ISO 27001, PCI DSS, GDPR, and other relevant standards specific to the Non-Banking Financial Company (NBFC) sector.
• Assess and evaluate the information security risk across business units and implement appropriate controls and mitigation strategies.
• Lead end-to-end audits of the MFL’s IT systems, infrastructure, applications, and business processes, focusing on identifying security vulnerabilities, non-compliance issues, and gaps.
• Evaluate the effectiveness of existing controls and security measures, providing recommendations for improvements.
• Ensure periodic reviews of third-party vendors and service providers to ensure they comply with the company’s security standards and regulatory obligations.
• Provide regular updates to the Board on risk and compliance matters, incorporating their feedback into the overall strategy and operational plan

Stakeholder Management & Reporting

• Collaborate with various business units, including IT, Risk, Legal, and Compliance, to promote awareness and understanding of security audit findings and best practices.
• Work with the business units and functions for ISO certification
• Work with the external auditors, regulators, and other stakeholders to ensure alignment on compliance-related issues.
• Prepare and present audit reports, findings, and recommendations to senior management and quarterly to the Audit Committee.

Operational Excellence

• Leverage information security practices effectively while driving innovation for efficiency improvements, ensuring that compliance considerations remain central to all initiatives
• Lead efforts to enhance security and compliance across all existing and future products, services, and processes to maintain a competitive advantage
• Develop and lead training programs to enhance awareness and understanding of security and compliance within the organization.
• Drive the continuous improvement of information security policies, procedures, and audit methodologies, ensuring they remain relevant and effective in addressing emerging risks.

Team management and capability development

• Develop clear goals for the compliance team and facilitate alignment with broader organizational objectives, regularly reviewing team performance and providing constructive feedback
• Identify training needs and implement capability-building programs that empower teams to excel and adapt to the evolving regulatory landscape
• Foster a culture of collaboration, accountability, and excellence within the team

KEY CHALLENGES

• Driving awareness and building an environment where audit is considered as a priority
• Internal pace of working and slow pace of approvals

KEY DECISIONS TAKEN

• Sign off on the IS Audit before sharing with Audit Committee
• Recommendations across business with respect to risk and compliance in reference to information security

KEY INTERACTIONS

Internal Stakeholders

External Stakeholders

Audit Committee: Present audit findings to the committee every quarter

Senior Leadership: Provide insights on the key findings from the audits conducts and gaps identified

All functional heads to seek alignment on the audit process and ensure compliance as per set standards

Vendors Audit Partners – Provide necessary support to carry out auditing process

Regulatory Authorities such as RBI to ensure compliance with external regulations and directives

KEY ROLE DIMENSIONS

Team Size: 2 direct reports

EDUCATION / EXPERIENCE

Minimum Qualification:

Bachelor’s or Master’s degree in Computer Science, Information Security, Audit, Risk Management, Business Management or a related field.

Nature of Experience:

• At least 12-15 years of proven experience in information security, audit, risk management, and compliance, with at least 5 years in a leadership role in BFSI or NBFC.
• Strong background in compliance frameworks, risk management, and security strategy.
• Professional certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), or equivalent are highly desirable.
• Proven track record in implementing effective security solutions that enhance operational efficiency and ensure regulatory compliance.
• In-depth knowledge of regulatory frameworks, standards, and best practices for information security (e.g., RBI Guidelines, ISO 27001, NIST, GDPR).
• Strong background in conducting internal audits related to information security, risk management, and IT governance within the financial services or NBFC sector.
• Proven track record of successfully leading audits, driving compliance, and implementing corrective actions.
• Strong understanding of the information security landscape, including risk management, vulnerability management, incident response, data protection, and business continuity planning.
• Experience with tools and technologies used for security auditing and vulnerability assessment.
• Excellent communication and interpersonal skills, with the ability to interact with senior management, regulators, and external auditors.
• High degree of integrity, professionalism, and ethical standards.
• Strong analytical and problem-solving skills.
• Ability to handle multiple priorities and work under pressure to meet deadlines.
• Strong leadership and team management skills, with a collaborative approach to achieving organizational objectives.

• Bachelor's or Master's degree in Statistics, Mathematics, Finance, Economics, or a related quantitative field.
• Minimum of 5 years of experience in risk assessment, preferably within the insurance industry.
• Proven expertise in statistical modeling, data analysis, and risk management methodologies.
• Proficiency in data analysis tools and programming languages such as Python, R, SAS, or SQL.
• Strong understanding of insurance products, markets, and regulatory environments.
• Excellent analytical, problem-solving, and critical thinking skills.
• Exceptional written and verbal communication skills, with the ability to articulate complex concepts clearly.
• Ability to work independently and as part of a remote team, demonstrating strong organizational and time management skills.
• Experience with specific insurance risk management software is a plus.

• Perform actuarial valuations and analysis for various insurance products (life, health, general).
• Develop, test, and implement pricing models and reserving methodologies.
• Analyze statistical data to assess risk and predict future claim costs.
• Assist in the development and maintenance of financial projections and solvency requirements.
• Collaborate with actuaries, underwriters, and product managers to support product development and strategy.
• Prepare regulatory filings and reports, ensuring compliance with industry standards.
• Use actuarial software and programming tools (e.g., SQL, Python, R, Prophet) for data analysis and modeling.
• Stay current with actuarial standards of practice, regulations, and industry trends.
• Communicate complex actuarial concepts and findings to non-technical stakeholders.
• Contribute to the continuous improvement of actuarial processes and methodologies.
• Support internal and external audits related to actuarial data and models.
• Mentor junior analysts and provide guidance on actuarial techniques.

• Bachelor's degree in Actuarial Science, Mathematics, Statistics, or a related quantitative field.
• Progress towards actuarial exams (e.g., ACET, IFoA, SOA/CAS) is strongly preferred.
• 2-5 years of experience in the insurance or actuarial field.
• Proficiency in actuarial modeling software and databases.
• Strong analytical, quantitative, and problem-solving skills.
• Excellent written and verbal communication skills.
• Familiarity with insurance products and regulatory requirements.
• Proficiency in Microsoft Excel and SQL is required. Experience with programming languages like Python or R is a plus.
• Ability to work effectively both independently and as part of a team.
• Attention to detail and commitment to accuracy.

About the role

The individual will be responsible for executing IT security audits, ensuring adherence to ISMS and ITGC controls, and identifying potential security risks. The role involves conducting security assessments, ensuring regulatory compliance, and assisting in strengthening the bank’s cybersecurity framework.

What you will do

• Conduct audits of ISMS and ITGC frameworks to ensure compliance with ISO 27001, RBI guidelines, and industry best practices.
• Assess IT controls over applications, networks, cloud environments, and endpoint security.
• Ensure adherence to RBI cybersecurity circulars, CSITE, and CERT-IN requirements.
• Evaluate security governance, third-party risk management, and data privacy controls.
• Identify cybersecurity risks and vulnerabilities in IT systems and infrastructure.
• Perform security control testing, incident response assessments, and review IT security policies.
• Document audit findings and provide actionable recommendations for control enhancements.
• Monitor remediation plans and track the closure of security audit issues.
• Work closely with IT, security, and risk teams to strengthen cybersecurity processes.
• Assist in security awareness programs and regulatory audit preparedness.

What you will need

• Strong understanding of ISO 27001, RBI IT security guidelines, and CERT-IN regulations.
• Experience in assessing ITGC frameworks covering identity access management, change management, and backup controls.
• Ability to identify security risks, review access controls, and ensure regulatory adherence.
• Knowledge of network security, cloud security, and vulnerability management frameworks.
• Strong skills in audit documentation, reporting, and engagement with IT and risk teams.

Experience & Qualifications

• BE/BTech or equivalent degree in Information Security, IT, or Cybersecurity.
• Certifications: CISA (Mandatory).
• 5+ years of relevant experience in Information Security Audits of which at least two years in Banking domain.

Life at slice:

Life so good, you’d think we’re kidding:

• Competitive salaries. Period.
• An extensive medical insurance that looks out for our employees & their dependants. We’ll love you and take care of you, our promise.
• Flexible working hours. Just don’t call us at 3AM, we like our sleep schedule.
• Tailored vacation & leave policies so that you enjoy every important moment in your life.
• A reward system that celebrates hard work and milestones throughout the year. Expect a gift coming your way anytime you kill it here.
• Learning and upskilling opportunities. Seriously, not kidding.
• Good food, games, and a cool office to make you feel like home. An environment so good, you’ll forget the term “colleagues can’t be your friends”.
• We believe in equality. Period.

At slice, we are committed to building a diverse and talented workforce. We never discriminate on the basis of race, sex, religion, colour, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, medical condition, disability, or any other class or characteristic protected by the applicable law.

We consider all qualified job-seekers with criminal histories in a manner consistent with the applicable law. Additionally, we are committed to providing reasonable accommodations to qualified individuals with physical or mental disabilities in order to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment.

Come join our crew!

About Us

slice, A new bank for a new India

slice’s purpose is to make the world better at using money and time, with a major focus on building the best consumer experience for your money. We’ve all felt how slow, confusing, and complicated banking can be. So, we’re reimagining it. We’re building every product from scratch to be fast, transparent, and feel good, because we believe that the best products transcend demographics, like how great music touches most of us.

Our cornerstone products and services: slice savings account, slice UPI credit card, slice UPI, and slice business are designed to be simple, rewarding, and completely in your control. At slice, you’ll get to build things you’d use yourself and shape the future of banking in India. We tailor our working experience with the belief that the present moment is the only real thing in life. And we have harmony in the present the most when we feel happy and successful together.

We’re backed by some of the world’s leading investors, including Tiger Global, Insight Partners, Advent International, Blume Ventures, and Gunosy Capital.

• Analyze insurance applications to assess risks and exposures.
• Determine the eligibility of applicants and set appropriate terms, conditions, and premiums.
• Develop and maintain a thorough understanding of various insurance products and market trends.
• Communicate effectively with agents, brokers, and policyholders to gather information and explain underwriting decisions.
• Ensure compliance with company policies, procedures, and regulatory guidelines.
• Review and manage a portfolio of existing policies, making adjustments as necessary.
• Collaborate with the claims department to provide underwriting insights on complex cases.
• Contribute to the development and refinement of underwriting guidelines and strategies.
• Mentor and train junior underwriters.

• Bachelor's degree in Finance, Economics, Business Administration, or a related field.
• Extensive experience as an Insurance Underwriter, with a specialization in a specific line of insurance (e.g., property, casualty, life).
• Strong knowledge of underwriting principles, risk assessment techniques, and insurance regulations.
• Excellent analytical, quantitative, and decision-making skills.
• Proficiency in underwriting software and Microsoft Office Suite.
• Strong negotiation and communication skills.
• Ability to work independently and as part of a team.
• Relevant professional designations (e.g., CPCU, AU) are highly desirable.

• Conduct comprehensive actuarial studies to assess risks related to insurance products.
• Develop, implement, and maintain pricing models for life, health, and other insurance lines.
• Analyze claims data, identify trends, and forecast future liabilities.
• Ensure compliance with all relevant insurance regulations and solvency requirements.
• Prepare actuarial reports for management, regulators, and other stakeholders.
• Mentor and guide junior actuarial staff, fostering their technical and professional growth.
• Collaborate with cross-functional teams to provide actuarial support for product development and business strategy.
• Utilize advanced statistical techniques and modeling software for actuarial analysis.
• Stay current with actuarial science advancements and industry best practices.

• Fellowship or Associate membership in a recognized Actuarial Society (e.g., IAI, SOA, CAS).
• Minimum of 8 years of actuarial experience in the insurance industry.
• Proven expertise in pricing, reserving, or modeling of life or health insurance products.
• Strong proficiency in actuarial software (e.g., Prophet, GGY Axis) and programming languages (e.g., R, Python, SQL).
• Excellent analytical, quantitative, and problem-solving skills.
• Strong understanding of Indian insurance regulations and solvency frameworks.
• Exceptional communication and presentation skills, with the ability to explain complex concepts clearly.
• Demonstrated leadership potential and experience mentoring junior professionals.