Job Description
Company: BDO India
Location: Bengaluru, IN
About Company
BISPL (or BDO India) is the India member firm of BDO International. BDO India offers strategic, operational, accounting and tax & regulatory advisory & assistance for both domestic and international organisations across a range of industries. BDO India is led by more than 300 Partners & Directors with a team of over 7000 professionals operating across 12 cities. We expect to grow sizably in the coming 3-5 years, adding various dimensions to our business and multiplying the increasing the current team size multi-fold.
What are we looking for:
We are looking for an experienced IT Audit and Cyber Risk professional with strong expertise in ITGC, internal audits, and SOC reporting. The role involves leading regulatory audits across BFSI entities aligned with RBI, SEBI, and IRDAI norms. You should be able to assess IT controls, identify risks across systems, and translate them into business impact. The role also requires overseeing third-party risks, reviewing SOC/VAPT/BCP effectiveness, and managing stakeholder interactions during audits.
Role & responsibilities
• Certifications considered – CISA, CISSP, CISM, CompTIA Security+, CRISC, CCSP
• Shall possess hands-on technical experience executing a diverse range of engagements, including IT General Controls (ITGC) audits, comprehensive Internal Audits of complex IT environments, and the evaluation/preparation of SOC reports.
• Shall independently drive and execute regulatory compliance audits spanning diverse financial entities, including Banks, NBFCs, Fintechs, Insurance Brokers, and Stockbrokers ensuring adherence to applicable RBI, SEBI, and IRDAI norms.
• Ability to critically evaluate technical evidence, identify inconsistencies, and detect control circumvention risks across applications, databases, and infrastructure.
• Shall independently verify that the organizations IT strategy, policy frameworks, and Board-level oversight (ITSC/ACB) strictly align with regulatory Master Directions and maintain a clear, independent reporting line for the CISO.
• Shall audit the security posture of the extended ecosystem, including third-party vendors, outsourced IT services.
• Capability to seamlessly bridge the gap between technical IT controls and broader regulatory expectations, translating complex cyber risks into clear business impacts.
• Shall validate the operational effectiveness of security monitoring (SOC), VAPT cycles, and BCP/DR readiness to ensure the institution can detect threats in real-time and recover from system failures within mandatory RPO/RTO targets.
• Strong understanding of the control environments surrounding complex payment systems, including Payment Aggregators/Payment Gateways (PA/PG), cross-border data flows, and third-party payment integrations.
• Supervise and review the fieldwork of senior associates/consultants, ensuring that audit working papers, test scripts, and documentation meet rigorous qualitative standards.
• Collaborating with IT process owners to design practical, risk-mitigating controls and actively tracking remediation plans to closure.
• Act as a key liaison during external regulatory inspections and statutory audits, facilitating clear communication between technical IT teams, external auditors, and senior management.
Source: LinkedIn