Description : Cybersecurity Consultant (SOC & IT Audit)

Experience : 1 - 6 Years

Location : Bangalore & Gurgaon

Industry : US Accounting & Tax Advisory / Cybersecurity Consulting

Education : Bachelors degree in Management Information Systems (MIS), Computer Science, Accounting Information Systems, or Engineering.

Role Summary :

We are seeking a high-caliber Cybersecurity Consultant with a specialized focus on SOC (Service Organization Control) and IT Audit to join a premier US-based Accounting and Advisory firm. In this role, you will act as a "Risk & Controls Specialist," conducting rigorous testing for SOC 1 and SOC 2 reports to ensure global clients meet stringent security and financial reporting standards.

You will be responsible for evaluating the effectiveness of IT General Controls (ITGC) and IT Application Controls (ITAC) within diverse cloud and on-premise environments. The ideal candidate is an analytical troubleshooter who thrives in a consulting environment, bridging the gap between technical cybersecurity threats and corporate compliance frameworks like SOX.

Responsibilities :

- SOC Control Testing : Execute detailed design and operating effectiveness testing for SOC 1 (SSAE 18) and SOC 2 reports, focusing on the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy).

- ITGC Evaluation : Perform comprehensive audits of IT General Controls across key domains including User Access Management, Change Management, Backup & Recovery, and Batch Processing.

- ITAC Assessment : Conduct testing of IT Application Controls, ensuring automated calculations, data validations, and business process configurations within ERPs are functioning as intended.

- SOX Compliance : Support the internal and external audit lifecycle for Sarbanes-Oxley (SOX) compliance, focusing on General IT Controls (GITC) that impact financial reporting.

- Risk Advisory & Consulting : Act as a client-facing advisor, identifying control gaps and providing actionable recommendations to mitigate cybersecurity and operational risks.

- Audit Documentation : Maintain high-quality workpapers and audit evidence that meet the rigorous standards of a top-tier US accounting firm.

- Cybersecurity Framework Alignment : Evaluate client environments against industry-standard frameworks such as NIST, ISO 27001, or COBIT to identify control deficiencies.

- Stakeholder Collaboration : Work closely with client IT managers, security leads, and internal audit partners to facilitate the collection of evidence and resolution of audit findings.

- Analytical Problem-Solving : Identify "Red Flags" in system logs, access reports, and configuration settings that indicate potential security or compliance failures.

- Continuous Professional Development : Stay current with evolving IRS and AICPA standards; pursue and maintain professional credentials such as CISA, CISSP, or CISM.

Technical Requirements :

- Audit Expertise : 1 - 6 years of hands-on experience in IT Audit, SOC Testing, or Cybersecurity Consulting.

- Framework Knowledge : Proven understanding of SOC 1, SOC 2, and SOX 404 requirements.

- Technical Depth : Familiarity with auditing various OS (Windows/Linux), Databases (SQL/Oracle), and Cloud Platforms (AWS/Azure).

- Documentation Skills : Exceptional ability to draft technical audit reports and control descriptions.

- Certifications (Preferred) : CISA, CISSP, CISM, CIA, or CPA certifications are highly valued.

Preferred Skills :

- Consulting Background : Previous experience as a client-serving professional in a Big 4 or shared services environment.

- Immediate Availability : Preference for candidates who can join immediately or within a short notice period.

- Advanced Tooling : Experience using audit management software or GRC (Governance, Risk, and Compliance) tools.

Core Competencies :

- Meticulous Detail : An uncompromising eye for detail when reviewing access rights, change logs, and system configurations.

- Communication Mastery : Strong verbal and written skills to articulate technical control failures to both technical and non-technical stakeholders.

- Time Management : Ability to manage multiple audit engagements and meet strict regulatory filing deadlines.

- Collaborative Mindset : A proactive team player who can coordinate effectively across global time zones.