Job Description:
ESK Technologies is seeking an experienced IT Audit & Compliance professional to join our team in Bangalore.
o Ensuring SEBI guidelines are followed, and going through new SEBI rules as they keep coming
o Creating reports for multiple audits and submitting them to the exchange
o Operational Audit (Evaluation of Company operations on IT/Security and Trading)
o IT Risk Audit
o Policy Enforcement
o Documentation
o Data protection Audits
o Application Audits.
o Performing Internal Audits
o Staying updated with the latest audit frameworks
Core Technical & Compliance Skills for IT Audit:
Audit Frameworks & Standards
- Familiarity with SEBI Cyber Security Guidelines
- Understanding of ISO 27001, COBIT, NIST, SOC 2 frameworks
- Awareness of SEBI circulars (e.g., system audit, VAPT frequency, cyber incident reporting timelines)
IT Risk Management
- Conducting and documenting IT Risk Assessments
- Understanding of risk rating (likelihood × impact, residual risk, control mapping)
- Hands-on with risk registers, risk treatment plans
Application & Infrastructure Audit
- Review of access management, change management, backup, logging, resilience.
- Ensure event log generation, session handling, and security controls are in place.
- Experience in tools like Nessus
Policy and Process Review
- Drafting & validating IT policies: password, backup, access, data retention, encryption
- Ensuring enforcement across systems (check if logs, permissions, and configurations reflect policy)
Data Protection & Privacy Audits:
- Understanding of data classification, masking, retention
- Checking secure storage, encryption in transit/at rest, user access logs
Security Control Validation:
- Hands-on or coordination of VAPT, patch audits, firewall rule reviews
- Check for 2FA, antivirus, endpoint control agents
- Check SFTP access, SSH key usage, or public cloud IAM policies
Documentation, Reporting & Regulatory Submissions:
- Creating Audit Trail, Evidence Repositories, and compliance dashboards
- Creating documents, reports, critical asset inventory.
- Prepare reports for SEBI, stock exchanges (NSE/BSE), internal compliance teams
- Format audit findings as per regulatory templates
Monitoring & Logging Validation:
- Review of tools like Zabbix, Nagios, or SIEM systems
- Check for log retention periods, event types, and audit policy alignment
Access Control Auditing:
- Reviewing LDAP/IAM policies
- Checking least privilege, role-based access control (RBAC)
- Joiner/mover/leaver process compliance checks
Tools:
- Nessus, ELK, Wazuh, LDAP, AWS IAM.