HDFC Bank - Senior Auditor - Information Security Audit

Auditor - Information Security Audit

PURPOSE OF THE JOB

- Carry out the 1st level audit of IT General Controls and Information Security Controls, primarily in High to Medium Risk Areas

- At E4 level, in addition, lead a team of auditors (at minimum 1 audit staff to a maximum of 3) in carrying out audit of IT General Controls and Information Security Controls

- Assess compliance of the Bank's IT operations and security with Bank's IT related policies and regulatory guidelines and international best practices

- Special assignments and management audits as per the needs of the Senior management from time-to-time.

KEY RESPONSIBILITIES

- Perform the audits

- Ensure that Audits are performed as per the Quarterly Audit calendar

- Guide the audit staff in the team and supervise the progress of the audit assignments

- Ensure timely completion of audits

- Review the audit findings and discuss with senior auditee staff at Function Head levels

- Supervise the team in auxiliary tasks related to IS-Audit e.g. organizing evidence collection, follow-up with auditee for status of audit recommendations till closure of the reports, MIS on audit assignments etc.

- (At E4 level) Provide guidance to various business groups (IT, BPRG, Admin, ISG, IT-Governance etc.) from IS Audit perspective

- (At E4 level) Liaise with External Auditors (RBI Inspectors, Statutory Auditors, SOX Auditors, ISO 27001 Auditors, ISO 22301) as needed

- Prepare 1st draft of MIS reports on IS audits, for various purposes

- Prepare 1st draft of Work done notes for Audit Committee of the Board

Requirements :

Should possess at least a Bachelor of Science, Bachelor of Engineering/Technology, Master of Computer Application/Computer Science or Master in Business Admin/Post Graduate Diploma in Business Administration/Post Graduate Program in Management in Computer Science/Information Technology or equivalent.

- Should have 5-7 years- experience in fields related to IT General Controls / Information Security Controls

- Should preferably have a certification such as CISA / CISSP

- Should have basic knowledge of IT General Controls, International acts such as SOX, IT Governance Frameworks such as COBIT, standards such as ISO 27001, ITIL, ISO22301, COSO 2013 Payment Cards Industry Data Security Standard (PCI DSS).