Exposure Management – Audit Readiness SME / Analyst

Role Summary
The Exposure Management – Audit Readiness SME/Analyst is responsible for ensuring the organization’s exposure management program (vulnerability scanning, attack surface management, and remediation tracking) is audit-ready, defensible, and aligned with internal controls and regulatory expectations. This role bridges technical security operations with audit, risk, and compliance teams to translate exposure data into clear, evidence-based narratives for audits and assessments.

Key Responsibilities

Audit & Compliance Readiness
Serve as the primary SME for audit readiness related to exposure and vulnerability management.
Prepare, review, and validate audit evidence (policies, procedures, scan results, metrics, remediation records).
Support internal audits, external audits, regulatory exams, and risk assessments.

Control Mapping & Documentation
Map exposure management activities to applicable frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, SOC, PCI).
Maintain documentation for control design, operational effectiveness, and continuous improvement.
Ensure testing frequency, coverage, and remediation practices meet stated control requirements.

Exposure & Risk Analysis
Analyze exposure data (vulnerabilities, misconfigurations, exploitability indicators) to support audit inquiries.
Validate completeness and accuracy of asset coverage and scanning scope.
Translate technical exposure findings into business-aligned risk statements.

Stakeholder & Cross-Functional Coordination
Act as liaison between security engineering, infrastructure, application teams, and audit/compliance stakeholders.
Support audit walkthroughs and provide clear explanations of exposure management processes.
Track and manage audit findings related to exposure management through remediation and closure.

Metrics, Reporting & Evidence Management
Define and maintain audit-ready metrics (coverage, scan cadence, remediation SLAs, exceptions).
Support dashboards and reporting for leadership, audit committees, and regulators.
Ensure evidence repositories are accurate, current, and easily retrievable.

Continuous Improvement
Identify control gaps, documentation weaknesses, and audit risks.
Recommend remediation actions to improve audit posture and exposure management maturity.
Support alignment with Continuous Threat Exposure Management (CTEM) practices.

Required Qualifications
5+ years of experience in cybersecurity, vulnerability/exposure management, risk, audit, or compliance.
Strong understanding of vulnerability management and exposure concepts (CVSS, exploitability, risk-based prioritization).
Experience supporting internal and/or external audits.
Familiarity with security and compliance frameworks (NIST, ISO, SOC, PCI).
Strong documentation, communication, and stakeholder management skills.

Preferred Qualifications
Experience with exposure or vulnerability management platforms (e.g., Tenable One, Qualys, Rapid7).
Experience working with CTEM or attack surface management programs.
Prior experience in regulated or large enterprise environments.
Certifications such as CISSP, CISA, CRISC, or similar are a plus.

Key Competencies
Audit and control mindset
Strong technical-to-business translation
Attention to detail and evidence quality
Risk-based analysis and prioritization
Cross-functional collaboration
Thanks
Job Type: Contractual / Temporary
Work Location: Hybrid remote in Bengaluru, Karnataka (Bengaluru, Bengaluru Urban District)