GRC Auditor (BFSI)
Location: Santacruz, Mumbai
Experience: 2–5 Years
Salary: Up to ₹9 LPA
Job Type: Full-time
Looking for Immediate Joiners only
Job Summary
We are hiring a GRC Auditor with experience in the BFSI (Banking, Financial Services & Insurance) domain to support technology audits, information security governance, regulatory compliance, and risk management initiatives. The ideal candidate should have hands-on experience in IT General Controls (ITGC), Information Security Audits, Risk Assessments, and regulatory compliance within banking, NBFC, FinTech, insurance, or capital market organizations.
Key Responsibilities
- Conduct IT General Controls (ITGC) and Information Security audits.
- Perform IT Application Control (ITAC) reviews, control testing, and audit documentation.
- Support internal, external, statutory, and regulatory audits.
- Assess Identity & Access Management (IAM), User Access Reviews (UAR), privileged access, and Segregation of Duties (SoD).
- Execute Third-Party Risk Management (TPRM) and vendor security assessments.
- Review change management, backup, disaster recovery (DR), and business continuity controls.
- Identify control gaps, perform risk assessments, and recommend remediation plans.
- Prepare audit reports, maintain audit evidence, and track closure of audit observations.
- Ensure compliance with regulatory and industry standards such as RBI, SEBI, NPCI, IRDAI, ISO 27001, PCI DSS, COBIT, and NIST.
- Collaborate with technology, business, and compliance teams to strengthen governance and security controls.
Required Skills
- 2–5 years of experience in IT GRC, IT Audit, Information Security Audit, Technology Risk, or GRC Audits.
- Experience in ITGC, ITAC, Risk Assessments, Control Testing, Audit Execution, and Compliance Reviews.
- Hands-on exposure to BFSI, Banking, NBFC, FinTech, Insurance, or Capital Markets.
- Knowledge of RBI, SEBI, NPCI, IRDAI, ISO 27001, PCI DSS, COBIT, NIST, or similar frameworks.
- Experience in IAM, UAR, TPRM, ISMS, BCMS, Vendor Risk Management, and audit documentation.
- Excellent analytical, documentation, and communication skills.
Mandatory Requirements
- Experience in the BFSI domain.
- Experience in ITGC / Information Security Audits / Technology Risk.
- ISO 27001 Lead Auditor certification or equivalent certification is mandatory.
Preferred Certifications
- ISO 27001 Lead Auditor
- CISA
- CRISC
- CISSP
- CEH
- COBIT
- PCI DSS
Pay: ₹500,000.00 - ₹900,000.00 per year
Work Location: In person