U
Deputy Manager - GRC
Universal Sompo General Insurance
Airoli
Full-Time
0-3 Years experience
Description
Responsibilities
1. IT Audit Execution (Infra + Application)
- Conduct audits covering network, servers, cloud, endpoints, databases, IAM, DR/BCP, logging/SIEM, and security controls.
- Perform audits for core insurance applications (Policy Admin, Claims, Underwriting, CRM, Digital Channels & all business functions).
- Review ITGCs, application controls, access controls, SoD, interface controls, batch jobs & change management.
- Validate secure SDLC/DevSecOps processes: SAST/DAST/SCA, release management, secrets management, and CI/CD controls.
- Perform evidence-based testing, sampling, walkthroughs, and documentation.
- Prepare audit observations, risk ratings, and recommend actionable remediation.
- Handon managing ISO audits and continuous monitoring of ISO controls
2. Technology Risk Management
- Contribute to the Tech Risk Register: identify risks, assess severity, track controls, and monitor treatment plans.
- Participate in risk assessments for new projects, changes, cloud adoption, and third-party onboarding.
- Support creation and review of policies, SOPs, security standards, and control frameworks.
3. Compliance (Insurance Sector)
- Assist in compliance activities aligned to IRDAI Cybersecurity Guidelines, IT Governance Circulars, DPDP obligations, outsourcing guidelines, and business continuity expectations.
- Support regulatory audits, internal audits, and external assessments (ISO, NIST, DR drills).
- Collect evidence and maintain compliance dashboards.
5. Control Monitoring & Reporting
- Support operationalization of Continuous Controls Monitoring (CCM).
- Prepare dashboards on audit status, open issues, compliance KPIs, and control health.
- Work with Infra/App teams to validate closure of findings.
6. Stakeholder Engagement
- Coordinate with Infra, Application, Cloud, DevOps, SOC, Security Engineering, and Business teams.
- Clearly communicate risks, control gaps, and required remediation in a non-technical and business-friendly manner.
7. AI Capabilities
- Ability to use AI tools to analyze large audit datasets, logs, configurations, and evidence for anomalies or control gaps.
- Familiarity with AI‑based pattern detection for identifying control deviations, misconfigurations, and risky behaviors.
- Ability to interpret risk insights generated by AI/ML‑driven security tools (SIEM/SOAR, CSPM, threat intelligence platforms).
- Experience using AI copilots (e.g., Microsoft Copilot, security copilots) to speed up:
- Control testing
- Log correlation
- Report drafting
- Evidence summarization
Qualifications
Technical Skills
- IT audits covering Infra & Apps.
- Strong understanding of:
- ISO 27001, NIST CSF, COBIT, CIS benchmarks, OWASP
- Network & cloud security fundamentals
- IAM, PAM, MFA, access certification
- Vulnerability management & patch governance
- SDLC/DevSecOps controls
- Experience in insurance domain processes is mandatory.
Soft Skills
- Strong documentation and audit-report writing.
- Analytical thinking & structured problem solving.
- Ability to collaborate across multiple stakeholders and challenge where necessary.
- Clear communication and the ability to present risks effectively.
Qualifications
Education
- Bachelor's degree in Engineering/IT/Computer Science or related field.
Certifications (Preferred, not mandatory)
CISA, ISO 27001 Lead Auditor, CRISC, Security+, AWS/Azure Security Fundamentals.
About Universal Sompo General Insurance
-
