Audit Manager

Position: Infosec Audit Manager
Designation: Audit Manager
Experience: 8 to 12 Years (Relevant)
Work Mode: Work from Office (WFO)
Shift Timing: 2:00 PM to 11:00 PM
Location: Bangalore (Brookefield / JP Nagar)

Mandatory Skills:

• Client questionnaires
  

• Security auditing
  

• ISO 27001:2022
  

• Audit coordination
  

• NIST CSF
  

• Audit program development
  

• Security Analyst / Client Analyst experience
  

Good to Have:

• CISSP certification
  

• ISO certification
  

• OneTrust
  

• GRC tool experience
  

Role Overview:

We are seeking an experienced and motivated Infosec Audit Manager to join our Information Security and Risk Management team. This role reports to the Director of Information Security Governance, Risk, and Compliance and supports the CISO’s office. You will be responsible for managing and coordinating internal and external audits while ensuring regulatory compliance and enhancing the organization’s security posture.

The ideal candidate is a self-starter with deep technical knowledge, strong audit and compliance experience, and excellent communication and relationship-building skills.

Key Responsibilities:

Audit Management:

• Develop audit programs and plans for ISO, SOC 2, and other audits.
  

• Manage internal and external audit engagements and coordinate evidence collection through the OneTrust GRC tool.
  

• Oversee the entire audit process, ensuring compliance with relevant standards and frameworks.
  

• Review audit reports, management responses, and supporting documentation to ensure accuracy and quality.
  

• Identify gaps and provide actionable, practical recommendations for improvement.
  

• Validate the sufficiency of evidence in line with control requirements.
  

• Design both automated and manual control testing methodologies.
  

Governance, Risk & Compliance (GRC):

• Support the implementation of compliance-by-design and security-by-design principles across the organization.
  

• Assess compliance with evolving regulatory requirements such as ISO 27001, NIST 800-53, SOC 2, and HIPAA.
  

• Coordinate with stakeholders to perform internal control testing and risk assessments.
  

• Conduct internal compliance assessments and prepare stakeholders for external audits.
  

• Develop and maintain scalable models and tools for compliance management and reporting.
  

• Draft and review internal policies, provide feedback, and support operationalization of policies.
  

• Generate audit dashboards and reports for leadership to drive informed decision-making.
  

Stakeholder Engagement & Collaboration:

• Collaborate effectively across teams and establish strong relationships with control owners and operators.
  

• Promote a culture of compliance and awareness aligned with the firm’s risk tolerance.
  

• Provide guidance and training on security and compliance practices.
  

Experience & Qualifications:

• Bachelor’s degree in Computer Science, Engineering, or related field (or equivalent work experience).
  

• 8–12 years of relevant experience in information security audits and compliance.
  

• Hands-on experience with security frameworks and standards: ISO 27001:2022, SOC 2, NIST 800-53, NIST CSF, COSO, HITRUST.
  

• Experience with regulatory compliance (e.g., HIPAA).
  

• Proficient in managing audits using GRC tools, especially OneTrust.
  

• Strong understanding of IT security controls, risk assessments, and internal audits.
  

• Certifications such as CISA, CISSP, CRISC, or CISM are preferred.
  

• Excellent communication, organizational, and analytical skills.
  

• Ability to work independently and handle multiple projects in a fast-paced environment.