Associate Director - IT & Information Security Audit

Associate Director - Technology/ Infosec Auditor

Department

None

Job Description

Role: Associate Director - Technology/ Infosec Auditor 

Department: Internal Audit

Location: Mumbai

Job Description

The IT Auditor will be part of the Audit team, providing support in the execution of Technology audits globally across all business of Crisil. This position will help you gain insights into the internal technology environment and develop skills in a trusted advisory capacity.

As an IT Auditor in the Crisil Internal Audit team you will be responsible for leading internal audit process reviews independently and on some occasions in collaboration with an internal audit service provider, implementing and executing IT governance, leading risk-related projects, and performing technology audits. This role requires strong stakeholder management, risk assessment expertise, and the ability to provide insights on process enhancements from IT & Information security standpoint.

The ideal candidate for this role must be an experienced IT & Infosec audit professional with strong understanding of information security and system architecture, and a strong level of comfort with IT infra, related security measures and automations.

Key Responsibilities:

• Assist in the execution of application security audits, supporting the approved Audit Plan.
• Participate in security audits, helping to identify vulnerabilities across applications and infrastructure.
• Support the audit process by gathering information and documenting findings.
• Collaborate with audit team members to discuss audit findings and assist in developing action plans.
• Learn and utilize data analytics and Automation knowledge to enhance the efficiency of audit execution.
• Stay informed about best practices in information security to contribute to team discussions.
• Keep updated on emerging security threats and trends to support internal audit processes.
• Compliance Auditing: Perform internal and external audits to ensure adherence to standards like ISO 27001, PCI DSS, and HIPAA.
• Risk & Control Assessment: Evaluate the effectiveness of IT controls, including access management, change management, and security policies.
• Vulnerability Assessment: Conduct tests on infrastructure, applications, and networks to identify security weaknesses.
• Reporting: Prepare detailed, high-level, and technical reports for stakeholders summarizing findings, risks, and remediation recommendations.
• Policy Review: Analyze security policies, procedures, and documentation to ensure they align with industry best practices.
• Remediation Support: Assist teams in developing action plans to address identified security gaps.

What We’re Looking For:

• 9-14 years of experience in technology audits or related fields, internships or academic projects included.
• Basic understanding of security concepts and practices in IT environments.
• Familiarity with tools used for security testing (e.g., Burp Suite, NMAP) is a plus.
• Exposure to programming languages (e.g., Python) and an interest in AI technologies are advantageous.
• Strong analytical skills and attention to detail.
• Good written and verbal communication skills.
• Ability to work collaboratively in a team-oriented environment.
• Excellent ability to explain complex technical vulnerabilities to non-technical staff and leadership.
• Deep understanding of networking, operating systems, databases, and security tools (e.g., firewall, SIEM).

Basic Qualifications:

• A bachelor’s degree in information technology, computer science, or a related field.
• Experience with integrated audits, electronic work papers and standard productivity tools.
• Strong academic and professional credentials.
• Professional certifications preferred (CISA, CISM, CISSP etc.).

Open Positions

1

Mandatory Skills

Security controls,programming languages,Information Security,Cisa,IT Audit

Education Qualification

CISA / CISM

Experience

9 to 15 years