Job Description:
ESK Technologies is seeking an experienced IT Audit & Compliance professional to join our team in Bangalore.
o Ensuring SEBI guidelines are followed, and reviewing new SEBI rules as they are issued
o Creating reports for multiple audits and submitting them to the exchange
o Operational Audit (Evaluation of Company operations on IT/Security and Trading)
o IT Risk Audit
o Policy Enforcement
o Documentation
o Data protection Audits
o Application Audits.
o Performing Internal Audits
o Staying updated with the latest audit frameworks
Core Technical & Compliance Skills for IT Audit:
Audit Frameworks & Standards
• Familiarity with SEBI Cyber Security Guidelines
• Understanding of ISO 27001, COBIT, NIST, SOC 2 frameworks
• Awareness of SEBI circulars (e.g., System audit, VAPT frequency, cyber incident
reporting timelines)
IT Risk Management
• Conducting and documenting IT Risk Assessments
• Understanding of risk rating (likelihood × impact, residual risk, control mapping)
• Hands-on with risk registers, risk treatment plans
Application & Infrastructure Audit
• Review of access management, change management, backup, logging, resilience.
• Ensure event log generation, session handling, and security controls are in place.
• Experience with tools like Nessus
Policy and Process Review
• Drafting & validating IT policies: password, backup, access, data retention,
encryption
• Ensuring enforcement across systems (check if logs, permissions, and configurations
reflect policy)
Data Protection & Privacy Audits:
• Understanding of data classification, masking, retention
• Checking secure storage, encryption in transit/at rest, user access logs
Security Control Validation:
• Hands-on or coordination of VAPT, patch audits, firewall rule reviews
• Check for 2FA, antivirus, endpoint control agents
• Check SFTP access, SSH key usage, or public cloud IAM policies
Documentation, Reporting & Regulatory Submissions:
• Creating audit trails, evidence repositories, and compliance dashboards
• Creating documents, reports, and a critical asset inventory.
• Prepare reports for SEBI, stock exchanges (NSE/BSE), internal compliance teams
• Format audit findings as per regulatory templates
Monitoring & Logging Validation:
• Review of tools like Zabbix, Nagios, or SIEM systems
• Check for log retention periods, event types, and audit policy alignment
Access Control Auditing:
• Reviewing LDAP/IAM policies
• Checking least privilege, role-based access control (RBAC)
• Joiner/mover/leaver process compliance checks
Tools:
• Nessus, ELK, Wazuh, LDAP, AWS IAM.