Job Description :
- Plan, execute, and document internal audits of information security controls, processes and systems.
- Monitor compliance with current industry standards and regulatory requirements such as ISO 27001, PCI-DSS, RBI, NPCI, UIDAI and CERT-IN.
- Assist in the preparation and facilitation of third-party audits and regulatory inspections.
- Identify gaps in policies, procedures, and practices and propose risk-based solutions.
- Maintain and update compliance documentation, including risk registers, control matrices, and audit logs.
- Track remediation plans and ensure timely closure of audit findings.
- Coordinate with different departments (IT, HR, Legal, Applications) for evidence collection and audit readiness.
- Support security awareness training programs to ensure organizational compliance culture.
- Stay updated with regulatory changes and best practices in information security compliance.
- Working knowledge of compliance standards such as ISO / IEC 27001, SOC 2, PCI-DSS, NIST, NPCI, etc.
- Familiarity with internal audit methodologies and risk management frameworks.
- Experience using GRC tools or audit management software.
- Experience in Digital Payments, BFSI, fintech, or government-regulated environments.
- Understanding of SIEM tools and data privacy frameworks.
- Strong attention to detail and organizational skills.
- Excellent analytical and problem-solving abilities.
- Ability to communicate clearly and effectively with technical and non-technical stakeholders.
- Self-motivated with the ability to manage multiple audits and deadlines.
Key Responsibilities : IT Audit & Compliance
Department : Function Technical
Educational qualifications : Bachelor's degree in Information Technology / Cybersecurity / Business Administration or a related field.
Certification : ISO 27001 Lead Auditor, CISA, CRISC, or an equivalent certification is preferred.
Experience : 3+ years of experience in IT audit, security compliance, or risk management required.
ref : iimjobs.com