Rakuten is hiring Information Technology Auditor in Bengaluru

Information Security Auditor- GRC

Job Type: Full-Time

Location: Bangalore, India

About Rakuten:

Rakuten is the largest ecommerce company in Japan, and third largest ecommerce marketplace company worldwide. Rakuten provides a variety of consumer and business-focused services including e-commerce, e-reading, travel, banking, securities, mobile telecommunications, credit card, e-money, portal and media, online marketing and professional sports. The company is expanding globally and currently has operations throughout Asia, Western Europe, and the Americas.

Founded in 1997, Rakuten is headquartered in Tokyo, with over 18,000 employees and partner staff worldwide.

Rakuten India, based in the Silicon Valley of India, Bengaluru, provides software development, product development and operations support to Rakuten groups around the globe. With more than 300 highly skilled employees, Rakuten India is helping make the Rakuten Ecosystem stronger and better by contributing to technology solutions & operations, increasing speed, productivity, and quality. Rakuten India’s services to Rakuten span ecommerce, digital content and marketing, FinTech, Leisure & Emerging Technology, and the Corporate IT division.

Team Overview:

The Internal Audit Department (IAD) is responsible for audit, governance, risk, compliance and various investigations for all the group companies based in Asia and Western Europe. Our team is determined to improve the transparency of the company’s management and ensure its appropriateness, efficiency, fairness, and soundness. We aim to provide independent assurance on internal processes and procedures, management approach, risk management and governance through careful examination and evaluation of the adequacy and reliability of the internal controls. The Internal Audit team assesses the firm’s internal control structure, advises management on developing control solutions and monitors the implementation of these measures.

Position Overview:

We are seeking a skilled and experienced IT Security Auditor to join our dynamic team. The ideal candidate will have a strong background in information security, risk management, and compliance. As an IT Security Auditor, you will be responsible for planning and conducting comprehensive security audits, identifying vulnerabilities, and recommending improvements to enhance our security posture. The position will have a key role in assessing the company’s compliance with the requirements of Rakuten Group Regulations (RGR) as well as EU General Data Protection Regulation and California Consumers Protection Act as compared to IT security standards and frameworks. The IT Security Auditor will report to the Senior Audit Consultant and will be a critical part of Rakuten’s Internal Audit Department.

Key Responsibilities:

IT Security Audit Support and Execution:

  • Assist in the design, development and execution of Technology audit engagements including ISO 27001, PCI DSS, and other security and privacy audits
  • Assist in the development of audit plans, audit scope, objectives, audit work program and testing procedures.
  • Participate in risk assessments to identify key risks and controls to determine the critical areas of audit
  • Conduct audit procedures, including data gathering, documentation review, and testing of IT Security controls.
  • Assist in the evaluation of IT Security controls and the identification of potential vulnerabilities or weaknesses.
  • Document audit work papers according to the standards of the Internal Audit guidance
  • Demonstrate professional skepticism while performing audits

Compliance Monitoring and Reporting:

  • Support the monitoring of the implementation of recommended actions and ensure compliance with audit recommendations.
  • Contribute to the preparation of audit reports summarizing findings, recommendations, and management responses.
  • Participate in the presentation of audit findings and recommendations to key stakeholders.
  • Work on data analytics tools and provide management dashboards for KRI/KPIs
  • Participate in ad-hoc projects such as compliance activities and audit investigations, as required
  • Maintain business relationships with appropriate levels of client management to ensure that audit management is aware of changes in business activities and objectives
  • Develop business partnership within company-wide Internal Audit team through professional communication and clear deliverables

Requirements

  • Bachelor’s degree in Computer Science, Security Management, Cybersecurity, or comparable work experience.
  • Minimum 4 years direct experience with internal/firm IT audit or consulting
  • Strong knowledge of security frameworks and standards (e.g., SOC 2, PCI-DSS, ISO 27001, NIST).
  • Ability to evaluate technology controls associated with complex business solutions.
  • Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services, and cloud computing environments
  • Knowledge of privacy regulations such as EU GDPR and CCPA
  • Excellent analytic, communication, collaboration, and documentation skills
  • Ability to articulate compliance concepts with peers and to a technical audience
  • Open to travel for audit activities
  • Fluency in Japanese language is preferred
  • ISO 27001 certification is preferred