We are seeking a motivated and detail-oriented IT Audit Analyst to join our Audit Compliance team. The successful candidate will be responsible for planning, executing, and reporting on IT audits across various domains, including IT infrastructure, cloud environments, SaaS applications, and compliance frameworks like ISO 27001, ISO 27701, and PCI DSS. This role involves evaluating the design and effectiveness of IT controls, identifying risks, and recommending practical solutions to improve the organization's IT governance, risk management, and control environment. This role will work independently on moderately complex audits and may assist senior auditors or managers on larger engagements.
What will you get to do here
Audit Planning & Execution:
- Assist in the development of risk-based IT audit plans.
- Plan and execute IT audits covering infrastructure (servers, networks, databases, operating systems), cloud services (AWS focus), and SaaS applications.
- Develop audit programs and testing procedures to evaluate IT controls related to security, operations, change management, business continuity, and data privacy.
- Perform control testing through interviews, documentation review, system observation, and data analysis.
- Plan, execute, and oversee IT audits for e-commerce systems, including cloud infrastructure, payment gateways, and data privacy controls.
Compliance Framework Audits:
- Conduct audits and assessments against established IT security and privacy frameworks, including ISO 27001 (Information Security Management System) and ISO 27701 (Privacy Information Management System).
- Perform audits to assess compliance with PCI DSS (Payment Card Industry Data Security Standard) requirements, focusing on the cardholder data environment.
- Evaluate the design and operating effectiveness of controls implemented to meet compliance objectives.
- Review system access controls, data integrity, and cybersecurity measures.
Risk Assessment & Analysis:
- Identify IT risks and control weaknesses during audit engagements.
- Analyze findings, determine root causes, and assess the potential impact on the business.
- Evaluate the effectiveness of risk mitigation strategies.
Reporting & Communication:
- Document audit work performed, findings, and conclusions clearly and concisely in work papers.
- Prepare draft audit reports detailing findings and practical, value-added recommendations for management.
- Communicate audit results effectively to IT management and other stakeholders.
- Track the status of management action plans to address audit findings.
Collaboration & Improvement:
- Collaborate with IT personnel, business units, and external auditors as needed.
- Stay current with emerging technologies, IT security threats, audit techniques, and relevant regulations/standards.
- Contribute to the continuous improvement of the IT audit function, processes, and methodologies.
- May provide guidance or mentorship to junior audit staff.
What qualities are we looking for
Education: Bachelor's degree in Information Systems, Computer Science, Cybersecurity, Business Administration, or a related field.
Experience: 3-4 years of progressive experience in IT Audit, Information Security, IT Risk Management, or a related field.
Technical Skills:
- Strong understanding of IT infrastructure components (networks, operating systems, databases, servers, virtualization).
- Solid knowledge of cloud computing concepts and specific experience auditing cloud environments.
- Understanding of SaaS models and experience assessing controls related to third-party/vendor risk management for SaaS solutions.
- Knowledge of IT general controls (ITGCs) and application controls.
Framework & Standard Knowledge:
- Demonstrated experience with and knowledge of ISO 27001 and/or ISO 27701 standards and auditing practices.
- Demonstrated experience with and knowledge of PCI DSS requirements and assessment procedures.
- Familiarity with other relevant frameworks (e.g., NIST Cybersecurity Framework, COBIT, SOX ITGCs) is a plus.
Audit Skills:
- Proficiency in IT audit methodologies, risk assessment techniques, and control testing procedures.
- Strong analytical, problem-solving, and critical-thinking skills.
- Excellent written and verbal communication skills, with the ability to articulate technical issues to both technical and non-technical audiences.
- High level of attention to detail and accuracy.
- Ability to manage multiple tasks and deadlines effectively.
- Proficiency with standard office software (e.g., Microsoft Office Suite).
Professional certification such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), AWS Certified Security - Specialty, or similar.
Experience working with GRC (Governance, Risk, Compliance) tools.
Experience with data analysis tools used in auditing (e.g., ACL, IDEA, Excel PowerQuery/Pivot).
Experience in specific industries (e.g., finance, healthcare, technology) may be advantageous.