Assistant Manager/ Manager IT Audit – Governance, Risk & Compliance
Why should you join Zomato?
Zomato is a restaurant search and discovery platform, providing in-depth information for over 1.4 million restaurants across 24 countries. Zomato is used by consumers globally to discover, rate and review restaurants, as well as create their own personal network of foodies for trusted recommendations.
Restaurants improve their discoverability through Zomato’s hyperlocal advertising platform - currently this forms a large part of Zomato’s revenue. Over the last 2 years Zomato’s Online Ordering business has matured and become fast-paced. At the very core of this business is great user experience, creating cutting-edge technology to connect restaurant businesses and customers in ways that will revolutionise the restaurant industry.
About the role:
The Assistant Manager / Manager, IT Audits, GRC is responsible for planning, executing and reporting on Information Technology audits, tech infrastructure audits, and IT security, vulnerability and risk assessment reviews.
The role covers maintenance and periodic testing of automated controls in SAP and other applications. Will also be responsible for maintaining and reviewing IT governance and Technology risks and corresponding.
Here's what you will do day to day:
- Executing IT, compliance and regulatory reviews/ audits
- Conduct Infrastructure Audit, IT Security, Risk Assessment, Network Design, Web Applications Security and Source Code review
- Conduct vulnerability assessment of System and cloud / physical infrastructure including penetration testing of networks and web applications using third party/ open source tools
- Perform manual penetration testing of systems, web sites and networks to discover vulnerabilities
- Establish policies and procedures for the design, installation and commissioning of the systems infrastructure
- Communicating to appropriate audience the audit scope, protocol, status, issues, risks and recommendations via written reports and presentations
- Perform data analytics to review processes, transactions and financial data
- Tracking, compiling and reporting KPIs
- Performing special projects, investigations, and other duties as assigned
Here's what we're looking for:
- BE, CA, B Tech, ACCA (Required), MBA (desirable). Certifications (desirable) – CISA, CISSP, CSX, PMP, ITIL, CEH, COBIT, ISO 27001 LA
- 4-6 years of experience in the cyber security, information security and information technology domains and related activities such as cyber security assessments, IT audits/ IT risk management, cyber governance, business system controls review
- Experience in the areas of infrastructure security audit, IT security, vulnerability assessment, risk assessment, network security review, network architecture review, configuration review, penetration testing, process review and IT General Controls review.
- Proficient in Microsoft Office suite applications, SAP and data analytics tools
- Knowledge and experience in the areas of operating systems review, databases review, configuration testing and security reviews.
- Knowledge of information security technologies and methodologies including, for example, web server security, firewalls, networks, encryption, TCP/IP, Windows, etc.
- Experience of implementation / review of information security / cyber security standards such as: ISO 27001, NIST framework, ISO 22301, PCI DSS, ITIL, COBIT would be an added advantage
- Experience in data privacy and business continuity would be an added advantage
- Ability to communicate technical risk issues effectively to stakeholders who may, at times, have a non-technical background
- Demonstrated ability to evaluate, synthesize, organize and interpret data and information
- Strong interpersonal, project management, analytical and supervisory skills
- Excellent written and oral communication skills
- Ability to work in a dynamic work environment
- Ability to manage multiple projects & priorities simultaneously and be comfortable with ambiguity/ chaos