Senior Specialist, Security PRIMARY SKILLS * ISO Management Systems Standard, Application Security, Operational / Process Excellence JOB REQUIREMENTS * Location: Bengaluru We are seeking a detail-oriented and highly skilled ITGC (IT General Controls) Auditor / Enabler for Internal Systems organization with experience in auditing internal applications. As an ITGC Auditor, you will play a crucial role in evaluating and ensuring the effectiveness of internal IT controls, safeguarding data integrity, and ensuring the compliance of our organization's internal applications. You will be responsible for auditing IT systems, applications, and processes to ensure they comply with regulatory standards and internal policies. Key Responsibilities: • Lead ITGC compliance efforts within the Enterprise Applications team. • Map enterprise app processes to relevant ITGC controls (e.g., access management, change management, data backups, etc.). • Partner with internal audit and external auditors during controls testing. • Provide technical oversight on app-level access controls, segregation of duties, and change tracking. • Collaborate with DevOps, security, and business teams to ensure security and compliance are embedded into application lifecycle processes. • Guide and enable team to map and comply teams to ITGC controls and standard certfication formats. Must-Have Skills: • Strong understanding of ITGC control domains (user access, change management, backup/recovery, etc.). • Experience in SOX or other compliance frameworks relevant to ITGC. • Experience in standard certification programs - ISO 20K, ISO 27 K etc. • Familiarity with application security principles (e.g., OWASP Top 10, secure SDLC). • Hands-on knowledge of enterprise applications (e.g., Netsuite, Oracle, ). • Strong documentation and process improvement capabilities. • Experience interfacing with auditors and managing evidence collection and walkthroughs. Preferred Experience: • Background in enterprise IT audit, IT compliance, or IT risk management. • Technical understanding of app architectures (APIs, SSO, RBAC, etc.). • Exposure to security tools like IAM systems, logging/monitoring solutions, and CI/CD pipelines.