Internal Audit ( IT Security) Assistant Manager

Posted:
10/14/2024, 9:08:49 PM

Location(s):
Uttar Pradesh, India ⋅ Noida, Uttar Pradesh, India

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
On-site

About Us:
 
Paytm is India’s leading digital payments and financial services company, which is focused on driving consumers and merchants to its platform by offering them a variety of payment use cases. Paytm provides consumers with services like utility payments and money transfers, while empowering them to pay via Paytm Payment Instruments (PPI) like Paytm Wallet, Paytm UPI, Paytm Payments Bank Netbanking, Paytm FASTag and Paytm Postpaid - Buy Now, Pay Later. To merchants, Paytm offers acquiring devices like Soundbox, EDC, QR and Payment Gateway where payment aggregation is done through PPI and also other banks’ financial instruments. To further enhance merchants’ business, Paytm offers merchants commerce services through advertising and Paytm Mini app store. Operating on this platform leverage, the company then offers credit services such as merchant loans, personal loans and BNPL, sourced by its financial partners.
 
About Team :
 
The Internal Audit team at Paytm comprises seasoned professionals with diverse skill sets and experience across different verticals like process audits, technology audits and forensics. The team focuses on implementing the approved audit plan, ensuring delivery of qualitative audits and conducting internal / special reviews while leveraging technology & data analytics and gauging key risks across business processes.
 
About the role:
We are seeking an experienced and detail-oriented Information Security and Cloud Security Auditor to join our team. The ideal candidate will have 3-7 years of expertise in data security and privacy control implementation, internal auditing, third-party risk management, cybersecurity governance, and cloud security (banking sector preferred). This role will be responsible for conducting comprehensive IT and cloud security audits, ensuring compliance
with regulatory requirements, and enhancing our information security policies and procedures.

Key Responsibilities:
 Conduct IT and cloud security audits across various domains, including IT General
Controls, Information Security Controls, Cloud Security, Network Security, Vulnerability
Management, and Vendor Risk Assessments.
 Assess compliance with relevant laws, regulations, and organizational policies, providing
expertise in regulatory requirements specific to both on-premises and cloud
environments.
 Develop and enhance information security and cloud security policies and procedures in
alignment with industry best practices.
 Maintain thorough documentation of audit findings, risk assessments, and security
measures for internal and external reporting.
 Validate ITGC, cloud security, and application-specific controls, and manage audit
documentation including risk assessments, working papers, audit program checklists, and
evidence gathering.
 Follow up on and ensure closure of non-compliance issues identified during audits.
 Manage and oversee third-party risk assessments and audits, ensuring robust security
controls are in place for both traditional and cloud-based service providers.
 Lead and participate in the development, migration, and implementation of security
controls and policies for network and cloud security solutions.
 Conduct risk-based security assessments on internal, vendor, and third-party hosted
environments, focusing on both traditional IT and cloud infrastructure.
 Participate in product and vendor selection processes, contributing to the implementation
and integration of new technologies, with a strong emphasis on cloud security solutions.

Experience/ Skills Required:
 Minimum 5 years of experience in information security and auditing, with a strong
background in cloud security, and the banking and IT industries.
 Proven experience in performing IT and cloud security audits, validating ITGC and cloud
application controls, and maintaining audit documentation.
 Hands-on experience with vulnerability management, risk management, physical security,
identity & access management, encryption, secure development, incident management,
security infrastructure, and security policy for both on-premises and cloud environments.
 Expertise in third-party risk management, regulatory compliance, and managing IT audit
findings in both traditional and cloud-based contexts.
 Strong analytical and problem-solving skills.
 Excellent communication and documentation skills.
 Ability to manage multiple projects and meet deadlines.
 Strong understanding of IT, cloud security, and cybersecurity frameworks and standards.
 Proficiency in using various security assessment tools and technologies, particularly
those related to cloud environments.
 Strong analytical and problem-solving skills.
 Excellent communication and documentation skills.
 Ability to manage multiple projects and meet deadlines.
 Strong understanding of IT, cloud security, and cybersecurity frameworks and standards.
 Proficiency in using various security assessment tools and technologies, particularly
those related to cloud environments.

Qualifications & Certification:
 Bachelor's / Master’s degree in Information Technology, Cyber Security, or a related field.
 ISO 27001/CNSS/CCNA/CISA/CISM/CISSP Preferred
 Detailed knowledge of security tools, PCI-DSS, general ITGC controls, compliance testing, cloud risk assessment, GRC, OWASP, MITRE ATT&CK, change management, and policies and procedures.
 Proficiency in various security and cloud technologies including AWS, Azure, Google Cloud Platform, Palo Alto, Fortinet & Checkpoint Firewalls, SOAR (Cortex), Force scout

 Why join us
 
1.  A collaborative output driven program that brings cohesiveness across businesses through technology
2.  Improve the average revenue per use by increasing the cross-sell opportunities
3.  A solid 360 feedback from your peer teams on your support of their goals
4. Respect, that is earned, not demanded from your peers and manager
 
Compensation:
 
If you are the right fit, we believe in creating wealth for you
With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants – and we are committed to it. India’s largest digital lending story is brewing here. It’s your opportunity to be a part of the story!