compliance Analyst

Audit Analyst II

Ways of working –

Work from Office, travel requirements (occasional)

Location:

Bangalore | Karnataka

Year of Experience:

3-4 Years

About The Team & Role

We are seeking a motivated and detail-oriented IT Audit Analyst to join our Audit & Compliance team. The successful candidate will be responsible for planning, executing, and reporting on IT audits across various domains, including IT infrastructure, cloud environments, SaaS applications, and compliance frameworks like ISO 27001, ISO 27701, and PCI DSS. This role involves evaluating the design and effectiveness of IT controls, identifying risks, and recommending practical solutions to improve the organization's IT governance, risk management, and control environment. This role will work independently on moderately complex audits and may assist senior auditors or managers on larger engagements.

What will you get to do here?

Audit Planning & Execution

• Assist in the development of risk-based IT audit plans.
• Plan and execute IT audits covering infrastructure (servers, networks, databases, operating systems), cloud services (AWS focus), and SaaS applications.
• Develop audit programs and testing procedures to evaluate IT controls related to security, operations, change management, business continuity, and data privacy.
• Perform control testing through interviews, documentation review, system observation, and data analysis.
• Plan, execute, and oversee IT audits for e-commerce systems, including cloud infrastructure, payment gateways, and data privacy controls
  

Compliance & Framework Audits

• Conduct audits and assessments against established IT security and privacy frameworks, including ISO 27001 (Information Security Management System) and ISO 27701 (Privacy Information Management System).
• Perform audits to assess compliance with PCI DSS (Payment Card Industry Data Security Standard) requirements, focusing on the cardholder data environment.
• Evaluate the design and operating effectiveness of controls implemented to meet compliance objectives.
• Review system access controls, data integrity, and cybersecurity measures.
  

Risk Assessment & Analysis

• Identify IT risks and control weaknesses during audit engagements.
• Analyze findings, determine root causes, and assess the potential impact on the business.
• Evaluate the effectiveness of risk mitigation strategies.
  

Reporting & Communication

• Document audit work performed, findings, and conclusions clearly and concisely in work papers.
• Prepare draft audit reports detailing findings and practical, value-added recommendations for management.
• Communicate audit results effectively to IT management and other stakeholders.
• Track the status of management action plans to address audit findings.
  

Collaboration & Improvement

• Collaborate with IT personnel, business units, and external auditors as needed.
• Stay current with emerging technologies, IT security threats, audit techniques, and relevant regulations/standards.
• Contribute to the continuous improvement of the IT audit function, processes, and methodologies.
• May provide guidance or mentorship to junior audit staff.
  

What qualities are we looking for?

Education:

Bachelor’s degree in information systems, Computer Science, Cybersecurity, Business Administration, or a related field.

Experience:

3-4 years of progressive experience in IT Audit, Information Security, IT Risk Management, or a related field.

Technical Skills

Strong understanding of IT infrastructure components (networks, operating systems, databases, servers, virtualization).Solid knowledge of cloud computing concepts and specific experience auditing cloud environments.Understanding of SaaS models and experience assessing controls related to third-party/vendor risk management for SaaS solutions.Knowledge of IT general controls (ITGCs) and application controls.

Framework & Standard Knowledge

Demonstrated experience with and knowledge of ISO 27001 and/or ISO 27701 standards and auditing practices.Demonstrated experience with and knowledge of PCI DSS requirements and assessment procedures.Familiarity with other relevant frameworks (e.g., NIST Cybersecurity Framework, COBIT, SOX ITGCs) is a plus.

Audit Skills

Proficiency in IT audit methodologies, risk assessment techniques, and control testing procedures.Strong analytical, problem-solving, and critical-thinking skills.Excellent written and verbal communication skills, with the ability to articulate technical issues to both technical and non-technical audiences.High level of attention to detail and accuracy.Ability to manage multiple tasks and deadlines effectively.Proficiency with standard office software (e.g., Microsoft Office Suite).Professional certification such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), AWS Certified Security – Specialty, or similar.Experience working with GRC (Governance, Risk, Compliance) tools.Experience with data analysis tools used in auditing (e.g., ACL, IDEA, Excel PowerQuery/Pivot).Experience in specific industries (e.g., finance, healthcare, technology) may be advantageous.

Visit our tech blogs to learn more about some of the challenging Problem Statements the

team works at:-

• https://bytes.swiggy.com/engineering-challenges-at-swiggy-430dea6c86a3
• https://bytes.swiggy.com/the-swiggy-delivery-challenge-part-one-6a2abb4f82f6
• https://bytes.swiggy.com/what-serviceability-means-at-swiggy-c94c1aad352a
• https://bytes.swiggy.com/architecture-and-design-principles-behind-the-swiggys-delivery-partner s-app-4db1d87a048a
• https://bytes.swiggy.com/swiggy-distance-service-9868dcf613f4
• https://bytes.swiggy.com/the-tech-that-brings-you-your-food-1a7926229886
  

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, disability status, or any other characteristic protected by the law.