Head - Information Security Audit - Bank

Head-Information Security Audit at Goregaon

- Purpose of this role is to develop and manage execution of the Information System Audits (IS Audits) including Information Technology (IT) Infrastructure, Information Security and IT Applications Audits covering the key Information System areas (such as Cyber Security, Applications Security, Data Security, Cloud Security, Vulnerability Assessment & Penetration Testing, Network Security, Data Privacy, Data Centre, Logical and Physical Access Management, IT Infrastructure management, Database & Operating System management, Incident management, Change management, Email management and process review, End point security, IT Disaster Recovery, IT Business Process Continuity Review, IT Helpdesk management, IT Project management and Emerging Digital & Technology Risk) within the organization.

- The purpose of this role is to develop and manage execution of the Information System Audits (IS Audits) including Information Technology (IT) Infrastructure, Information Security and IT Applications Audits covering the key Information System areas (such as Cyber Security, Applications Security, Data Security, Cloud Security, Vulnerability Assessment & Penetration Testing, Network Security, Data Privacy, Data Centre, Logical and Physical Access Management, IT Infrastructure management, Database & Operating System management, Incident management, Change management, Email management and process review, End point security, IT Disaster Recovery, IT Business Process Continuity Review, IT Helpdesk management, IT Project management and Emerging Digital & Technology Risk) within .

- The primary function of the role will be to develop and manage execution of the IS Audits Strategy and Plan for proactively conducting the Information Systems, IT Infrastructure, Information Security and IT Applications assessments across factoring the wide spread nature of business, large scale of operations, level of digitalisation and use of technology, complexity & diversity of the various applications across the lines of business of ABFL and organization strategy, culture and digital maturity

- Develop processes for effective IS Audits coverage of Information System & Security risks identification, mitigation and management in ensuring that the audit coverage is aligned with internal policies, standards, procedures; professional auditing standards as well as various applicable laws and regulations, regulatory circulars / guidelines across various regulators

- Develop strategies for identification and assessment of Information System & Security risks across ABFL factoring the diverse lines of business of , scale of operations and complexities of the business and current maturity level of controls

- Develop IS Audits plan based on risk assessment and the legal, regulatory framework; Ensure use of advanced integrated auditing concepts and extensive use of technology and data analysis for achievement of the audit objectives

- Set up and develop specialised team for conducting IS Audits and the assessment of complex and specialised reviews covering key IT Infrastructure, IT Applications and Information System & Security areas (such as Cyber Security, Applications Security, Data Security, Cloud Security, Vulnerability Assessment & Penetration testing, Network Security, Data Privacy, Data Centre, Logical and Physical Access Management, IT infrastructure management, Database & Operating System management, Incident management, Change Management, Email management and process review, End point Security, IT Disaster Recovery, IT Business Process Continuity Review, IT Helpdesk management, IT Project management and Emerging Digital & Technology Risk) across the various lines of business within

- Plan and conduct Information System & Security risk audits testing ~3000+ controls covering the various IT applications, IT infrastructure, Information systems and IT/Information Security processes including cyber security, cloud security, network security, data security, logical and physical access management, adherence to data privacy guidelines, emerging digital & technology risk in accordance with the internal Policies and Procedures, Legal and Regulatory requirements, professional Internal Audit and IS Audit Standards, and leading practices

- Implement a continuous monitoring process for ongoing assessment of Information System & Security risks across to ensure, timely identification and resolution of significant Information System & Security control issues; Identify and develop ~5000+ automated tests across for monitoring effectiveness of controls on an ongoing basis.