HCL - IT Risk & Compliance Consultant

Job Description: IT Risk and Compliance Consultant

Business Domain: IT and Software

Qualifications: B.E./B.Tech / MCA

Expertise expected in: some of these areas (SOX compliance, COBIT , ISACA )

Only candidates with experience in IT Risk & Compliance need to apply

Additional experience may include CMMI v1.1, Six Sigma, Lean, ITIL, Metrics and project management.

Responsibilities:

- Working with IT process and control owners, design IT General controls (ITGC), and remediation plans. Assess, perform gap analysis, make recommendations for improvements.

- Assist IT process and control owners with testing and completion of ITGC testing for SOX compliance.

- Identify control deficiencies, mitigating controls and compensating controls

- Track and report on status of all SOX ITGC testing and reported deficiencies

- Support Compliance with internal audit, external audit IT control assessments, findings and deficiencies follow-ups and lead coordination efforts.

- Track and report on status of all Internal Audit and external audit IT controls testing and reported findings and deficiencies.

- Provide controls, compliance and risk assessment training to IT process and control owners.

- Provide leadership, guidance, mentorship to compliance analyst.

- Leads and coordinates other compliance assessments and audits

- Introduce a culture of Risk Management supported by policies and guidance

- Responsible for the development, auditing, testing and implementation of Business Continuity Plans.

- Create action plans which show how these policies and plans will be implemented and undertake regular audits to demonstrate that they are effective

- Ensure Periodic review of Risk Assessment.

- Develop a detailed understanding of the activity under audit and assess IT risks and effectiveness of controls.

- Provide support to the internal audit team through extraction of data from applications/databases under audit and perform data analytics inquiries

- Advise IT and business stakeholders on control best practices within their processes to reduce risks, improve efficiency and financial profitability

- Conduct reviews with respect BCP/DR plan and Test results.

- Responsible for Improvement opportunities like Six Sigma, Bench marking.

- Ensuring statutory and Regulatory compliances as applicable.

- Responsible for process improvement, Process automation and other corporate initiatives in Quality and Security.

- Carry out Process audits and follow-up for closing Non Conformities.

- Conduct Information Security Awareness session for the employees.

- Perform Access control review (ACR) for assigned projects.

- Ensure that Incident/Problem handling, change and configuration management process are strictly followed and are inline with the Industry best practices like ITIL and ISO20000.

General Abilities:

- Should have good client facing abilities. Solution Mindset. Should have good client presentation and client management skills.

- Good knowledge of Software Engineering, QC Techniques, Development methodologies, SPC techniques

- Good exposure to project management, Tools used in software development and process management(process mapping - Visio, Configuration mgmt tools, Defect tracking tools, MS Project etc)

- Consulting exposure.

- Should have ability of configuring solutions based on customer needs. Highly dynamic and proactive