Compliance Manager- Information Technology

Job Description

Title: Audit and Compliance - IT
Department: Information Technology
Location: Noida

Position Overview:
The Audit and Compliance Deputy Manager/ Manager will be responsible for planning, executing, and managing audits, risk assessments, and compliance activities related to IT systems and infrastructure. The role requires strong expertise in IT governance, risk management, cybersecurity, and regulatory compliance, with a good understanding of operational dynamics in the renewable power industry.

Key Responsibilities:

1. IT Audit and Assurance

• Develop and execute a comprehensive risk-based IT audit plan annually, aligned with business objectives.
• Perform internal IT audits across infrastructure, applications, cybersecurity, and business continuity areas.
• Evaluate the effectiveness of internal controls, data privacy practices, cybersecurity defences, and system reliability.
• Prepare clear, concise, and actionable audit reports with findings, risks, and recommendations.
• Plan and execute SAP IT General Controls (ITGC) audits, including areas such as access management, change management, and data integrity.
• Identify control deficiencies, weaknesses, and risks in SAP modules and related business applications.
• Perform periodic audits of application controls, including role-based access controls, SOD (Segregation of Duties), and user provisioning in SAP.

2. Compliance Management

• Ensure compliance with industry regulations and internal IT policies, including:
• ISO/IEC 27001 (Information Security Management)
• GDPR (General Data Protection Regulation)
• NERC CIP (Critical Infrastructure Protection – where applicable)
• FERC, ERCOT, and other energy regulatory bodies (as applicable)
• Lead IT compliance readiness initiatives for audits like ISO certifications, SOC 2, GDPR, etc.
• Maintain all required documentation, including compliance matrices, risk registers, and audit trails.

3. Risk Management

• Identify, assess, and prioritize IT risks, including cybersecurity risks specific to the renewable energy industry (e.g., SCADA systems, OT networks).
• Develop risk mitigation strategies in collaboration with IT Security and Business Continuity teams.
• Conduct regular risk assessments and vulnerability evaluations.

4. Policy and Process Development

• Draft, update, and enforce IT security and compliance policies, ensuring alignment with business goals and regulatory changes.
• Collaborate with IT teams and business stakeholders to embed compliance into system design, development, and deployment processes.

5. Incident Management and Reporting

• Support incident response processes from a compliance and governance perspective.
• Participate in investigations of IT-related breaches or non-compliance cases.
• Report on incidents and post-incident compliance reviews to leadership.

6. Training and Awareness

• Conduct IT compliance training sessions and awareness programs for employees across all levels.
• Promote a culture of information security, compliance, and ethical IT practices.

7. External Engagements

• Coordinate with external auditors, regulatory agencies, and third-party vendors during audits or compliance reviews.
• Manage vendor compliance for IT service providers and technology partners.
• Track changes in regulations and standards, assess their impact, and update processes accordingly.
• Prepare comprehensive audit reports with clear findings, risks, and actionable recommendations.

Qualifications:

• Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, or a related field.
• CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent certification preferred.
• Minimum 7-12 years of experience in IT audit, risk management, and compliance functions.
• Experience working in or with the renewable energy or power sector is highly desirable.
• Strong understanding of IT operations, cybersecurity frameworks, and risk management principles.
• Knowledge of industry-specific compliance requirements (e.g., NERC CIP, FERC, ISO standards applicable to renewable power).
• Experience in ERP systems, SCADA systems, and IoT/OT security would be an advantage.
• Strong analytical, reporting, and communication skills.
• SAP Security or GRC Certification (advantageous)

Key Skills and Competencies:

• Expertise in IT Audit Methodologies and Frameworks (ISACA Standards, COBIT)
• Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS Controls)
• Hands-on understanding of IT risk management principles
• Knowledge of renewable energy sector regulatory compliance (e.g., renewable energy certificates, regulatory reporting obligations)
• Critical thinking and strong analytical skills
• Excellent written and verbal communication skills
• Ability to work independently and collaboratively with cross-functional teams
• Attention to detail and a proactive mindset toward continuous improvement
• High level of integrity and ethical standards

Preferred Certifications:

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• ISO 27001 Lead Auditor / Lead Implementer
• NERC CIP Certification (advantageous for power sector experience)

Work Environment:

• Occasional travel to renewable energy project sites, regional offices, and data centres
• Work in collaboration with IT infrastructure, cybersecurity, energy operations, legal, and corporate compliance teams