Own and manage IT General Controls (ITGC) framework across applications, databases, servers, network, and cloud.
Facilitate and support RBI IT Master Direction, ISO 27001 and internal audit engagements.
Work closely with IT, cybersecurity, and business functions to remediate audit findings and close gaps.
Define, review, and enforce access controls, change management, backup, incident management, and logical security controls.
Prepare and maintain audit-ready documentation and control evidence repositories.
Drive user access reviews, privileged access governance, and policy compliance.
Assist in the development and implementation of InfoSec policies, SOPs, and risk registers.
Liaise with external auditors and consultants to manage assurance activities.
Monitor compliance with third-party risk, outsourcing obligations, and vendor SLAs related to security and IT controls.
Facilitate and oversee the end-to-end vulnerability management program for all applications and underlying infrastructure; create reports, share status with the audit team, and address issues, if any.
Periodically report on the information security posture of the organization, highlighting challenges, risks, and improvement areas.
Manage the InfoSec awareness program and phishing simulation program for company employees in coordination with the HR team.
Perform regular compliance assessments based on defined KPIs and KRIs.