Auditor - Information Systems - Banking/NBFC

The role of Auditor involves:

- Conducting audits of Information Systems / Information Security covering process reviews, application control and functionality reviews, BCP and DR testing, and adherence to Regulations with respect to Information Systems / Infosec

- Execution of planned audits by adhering to given schedules and ensuring adherence to audit / ISO processes & ICAI standards. Review of Compliances to Audit reports submitted by Auditee units. Ensuring follow up for closure of reports and files within prescribed timelines.

- Conducting internal audits within stipulated time and submission of audit reports based on risk based audit norms.

- Ensuring quality of audit report (depth & coverage) by focusing on root cause analysis and providing qualitative suggestions/recommendations for improvement of processes & mitigation of risk

- Effective use of off-site audit reports (with special focus on data mining & analysis) for bringing out risks in the audit reports.

- Conducting planned and unplanned audits and provide qualitative suggestions/recommendations for improvement of processes

- Updating skill sets and knowledge through continuous readings, attending trainings

- Ensuring timely follow up on closure of audit findings; checking the closure in line with the risk and recommendation; processing the closure of audit issues / reports as per the policy

- Timely submission of information relating to audits conducted to internal and external stakeholders.

Base qualifications:

- Graduates/CAs/MBA (Finance) with relevant certification such as CISA / CISM / CISSP / CIA

- 3-5 Years of Experience (Audit/ Banking / NBFC Domain preferred)

- Experience in Information Systems / Infosec audits in the financial services (Banking, NBFC) industry

Technical skill set for Information systems auditor. The auditor should have:

- Solid base of computer skills in hardware and software

- Knowledge of various operating systems

- Knowledge of Databases

- Hands on experience on Network Architecture

- Knowledge of other IT infrastructure

- Application controls and Interfaces

- Knowledge on Computer Assisted Audit Techniques (CAATs)

- Knowledge on Information security governance

- Knowledge on Business Continuity and Disaster Recovery framework