Genpact - Cyber Auditor - Financial Services

Location: Mumbai

Education: CA/ MBA / Graduate

Exp: 4+ yrs

Skills: IT RISK, Technology Risk, Cyber Audit,

Functional: Good knowledge of financial products like derivatives and trade lifecycle

Skills:

- At least 5-7 years of post-qualification work experience as an Internal Auditor in Financial Services

- Experience in financial services is essential, with a preference for those with experience of conducting front to back product audits.

- Prior experience performing walkthroughs, risk assessments of the internal control environment, performing controls and substantive testing while meeting internal quality assurance standards

- Experience in auditing Infrastructure components like NFS, Encryption (Working Knowledge), BCP-DR, Identity Management, Cloud, Firewall, NIDS etc.

- Good knowledge of financial products like derivatives and trade lifecycle

- Relationship management skills when interacting with global stakeholders

Certifications

- CISA /CISSP.

Responsibilities

- Participate in business management and audit team meetings to gain an understanding of the business units under review (e.g. policies and procedures, roles and responsibilities, systems and processes, organization and controls).

- Participate in audit planning and scoping, and assist in documenting audit planning materials and walkthrough narratives or process flows.

- Conduct risk assessments and provide technology risk/requirements to address risks identified.

Areas covered:

- Cloud cybersecurity using Microsoft Azure Active Directory, Azure Key Vault, Azure DNS / Firewall, Azure Kubernetes and Container Registry.

- Authentication, Authorization, Auditing

- Application Security - Session Security, Vulnerability/Penetration Testing items, Input Validation

- Secure data transport and storage

- Vulnerability and Threat Management

- Network and Intrusion Prevention

- Encryption - Data at rest, storage and transition

- Periodically review security reference architecture (security blueprints) and conduct dates/enhancements to guidance, policies, or other applicable reference materials

- Create and execute control tests and clearly document test results as part of fieldwork.

- Discuss and finalize audit findings with auditees consistency in applying strong internal audit methodology standards.

- Communicate testing exceptions and control deficiencies to senior management within Internal Audit and the business as part of reporting

- Designing and executing risk-based audit programs, in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.

- Identifying areas for improvement and control gaps, and evaluating their significance and potential business impact.

- Presenting practical, informed and concise recommendations to senior leaders, developing action plans and preparing written audit reports to document findings.

- Collaborating with and educating process owners of the importance of a strong system of internal controls.