AVP - Information Security Audit - CISA/CISSP - BFSI

Purpose of the job:

- Lead a team of auditors in carrying out audit of IT General Controls and Information Security Controls

- Assess compliance of the Bank's IT operations and security with Bank's IT related policies and regulatory guidelines.

- Assess the current processes followed in the bank against international best practices.

- Undertake Special assignments and management audits as per the needs of the Senior management from time-to-time.

Key Responsibilities:

- Ensure that Audits are performed as per the Quarterly Audit calendar

- Guide the audit staff in the team and supervise the progress of the audit assignments

- Ensure timely completion of audits

- Review the audit findings and discuss with senior auditee staff at Function Head levels

- Resolve disputes of issue ownership between various Audit Teams

- Supervise the team in auxiliary tasks related to IS-Audit e.g. organizing evidence collection, follow-up with auditee for status of audit recommendations till closure of the reports, MIS on audit assignments etc.

- Provide guidance to various business groups (IT, BPRG, Admin, ISG, IT-Governance etc.) from IS Audit perspective

- Liaise with External Auditors (RBI Inspectors, Statutory Auditors, SOX Auditors, ISO 27001 Auditors, ISO 22301) as needed

- Review and finalize 1st draft of MIS reports on IS audits, for various purposes

- Review and finalize 1st draft of Work done notes for Audit Committee of the Board

Requirements:

- At least a Bachelor of Science, Bachelor of Engineering/Technology, Master of Computer Application/Computer Science or Master in Business Admin/Post Graduate Diploma in Business Administration/Post Graduate Program in Management in Computer Science/Information Technology or equivalent

- At least 12 years of working experience in IS audit or related field is required for this position at D1 level and al teast 15 years at D2 level.

- Should have a certification such as CISA / CISSP

- Should have deep knowledge of IT General Controls, international acts such as SOX, IT Governance Frameworks such as COBIT, standards such as ISO 27001, BS 15000 / ISO 20000 / ITIL, BS25999, Payment Cards Industry Data Security Standard (PCI DSS) etc.

- Should have excellent drafting and communication skills.