Control Resilience Assessor - Information & Cyber Security (4+ years)

Location: Mumbai
Discipline: Legal, Risk & Compliance
Job type: Permanent
Contact name: Nishant Sharma

Contact email:
Job ref: 37252
Published: about 1 year ago

Sr. Analyst – Control Resilience Assessor – 4-8 years

Job opportunity for a working professional having at least 4 years of experience conducting design adequacy and operating effectiveness testing of on-prem and cloud controls associated with different audit regimes such as SOx 404, SOC2, SSAE18, ISO 27001, CCPA, NYDFS etc.

Location: Mumbai

Shift: Afternoon

Your Employer: A leading, global group with a strong foothold in specialty financial services serving millions of customers across the full spectrum.


  1. Performing controls testing (on-prem & cloud), including assessment of:

    1. Control design Adequacy

    2. Control Operating effectiveness

  2. Demonstrable knowledge of different audit regimes such as SOx 404, SOC2, SSAE18, ISO 27001 etc.

  3. Establishing and operating processes and procedures for control testing

  4. Excellent executional skills with respect to control testing

  5. Reporting and tracking on-prem and cloud control gaps as well as ineffective or inadequate controls

  6. Identifying opportunities and making recommendations to improve the design and implementation of controls

  7. Supporting control owners in the design and maintenance of controls and documentation

  8. Undertaking such other tasks and responsibilities as assigned by Manager

  9. Keeping yourself up to date with the latest IS-related regulations and standards




  1. Qualified to degree level, preferably in a Business, IT or Security related subject with

  2. Information security qualifications (e.g., CISA, CISM, CISSP) are preferable.

  3. Interested in developing skills and knowledge of IT Risk Management, and willing to work towards appropriate professional qualifications, such as CISA

  4. Formal training in security, risk management or compliance is beneficial.

  5. Whilst this is not a hands-on technical role, the role holder will be expected to demonstrate a strong awareness of technology and how IT is used to enable business processes.





  1. Knowledge and understanding of IT Auditing and IT Risk concepts

  2. Knowledge and understanding of ERPs, Active Directory, SIEM, Identity Access Management, Privileged Access Management tools.

  3. Experience working as part of a business support function such as Risk, Compliance or Information security in a large enterprise.



  1. Existing IT Audit experience of around 4-9 years

  2. Demonstrable knowledge of Cloud Security & Cloud Control Testing

  3. Demonstrable knowledge of Risk management tools, methodologies and practices

  4. Knowledge of IT standards, frameworks, regulation and legislation

  5. Experience of managing own workload and delivering to tight timescales.

  6. Other relevant experience, e.g. Information Security, experience of working in a regulated environment, not necessarily insurance or financial services.


What is in it for you? 


  1. A stimulating working environment with equal employment opportunity 

  2. An opportunity to define, lead and coordinate the operations of the company 


Reach Us – If you think that this role will add value to your career, kindly write me an email along with your updated CV on


DISCLAIMER: We are an equal opportunity recruitment firm and value diversity in the talent we identify for our clients. We do not discriminate on the basis of race, religion, colour, origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Profile Keywords: Audit regimes such as SOx 404, SOC2, SSAE18, ISO 27001 etc