← Back to jobs
UUniversal Sompo General Insurance

Deputy Manager - GRC

Universal Sompo General Insurance

Airoli
Full-Time
0-3 Years experience

Description

Responsibilities

1. IT Audit Execution (Infra + Application)

  • Conduct audits covering network, servers, cloud, endpoints, databases, IAM, DR/BCP, logging/SIEM, and security controls.
  • Perform audits for core insurance applications (Policy Admin, Claims, Underwriting, CRM, Digital Channels & all business functions).
  • Review ITGCs, application controls, access controls, SoD, interface controls, batch jobs & change management.
  • Validate secure SDLC/DevSecOps processes: SAST/DAST/SCA, release management, secrets management, and CI/CD controls.
  • Perform evidence-based testing, sampling, walkthroughs, and documentation.
  • Prepare audit observations, risk ratings, and recommend actionable remediation.
  • Handon managing ISO audits and continuous monitoring of ISO controls

2. Technology Risk Management

  • Contribute to the Tech Risk Register: identify risks, assess severity, track controls, and monitor treatment plans.
  • Participate in risk assessments for new projects, changes, cloud adoption, and third-party onboarding.
  • Support creation and review of policies, SOPs, security standards, and control frameworks.

3. Compliance (Insurance Sector)

  • Assist in compliance activities aligned to IRDAI Cybersecurity Guidelines, IT Governance Circulars, DPDP obligations, outsourcing guidelines, and business continuity expectations.
  • Support regulatory audits, internal audits, and external assessments (ISO, NIST, DR drills).
  • Collect evidence and maintain compliance dashboards.

5. Control Monitoring & Reporting

  • Support operationalization of Continuous Controls Monitoring (CCM).
  • Prepare dashboards on audit status, open issues, compliance KPIs, and control health.
  • Work with Infra/App teams to validate closure of findings.

6. Stakeholder Engagement

  • Coordinate with Infra, Application, Cloud, DevOps, SOC, Security Engineering, and Business teams.
  • Clearly communicate risks, control gaps, and required remediation in a non-technical and business-friendly manner.

7. AI Capabilities

  • Ability to use AI tools to analyze large audit datasets, logs, configurations, and evidence for anomalies or control gaps.
  • Familiarity with AI‑based pattern detection for identifying control deviations, misconfigurations, and risky behaviors.
  • Ability to interpret risk insights generated by AI/ML‑driven security tools (SIEM/SOAR, CSPM, threat intelligence platforms).
  • Experience using AI copilots (e.g., Microsoft Copilot, security copilots) to speed up:
  • Control testing
  • Log correlation
  • Report drafting
  • Evidence summarization

Qualifications

Technical Skills

  • IT audits covering Infra & Apps.
  • Strong understanding of:
    • ISO 27001, NIST CSF, COBIT, CIS benchmarks, OWASP
    • Network & cloud security fundamentals
    • IAM, PAM, MFA, access certification
    • Vulnerability management & patch governance
    • SDLC/DevSecOps controls
  • Experience in insurance domain processes is mandatory.

Soft Skills

  • Strong documentation and audit-report writing.
  • Analytical thinking & structured problem solving.
  • Ability to collaborate across multiple stakeholders and challenge where necessary.
  • Clear communication and the ability to present risks effectively.

Qualifications

Education

  • Bachelor's degree in Engineering/IT/Computer Science or related field.

Certifications (Preferred, not mandatory)

CISA, ISO 27001 Lead Auditor, CRISC, Security+, AWS/Azure Security Fundamentals.

About Universal Sompo General Insurance

-

Industry: no-mentionEmployees: 1959+Website