Key Responsibilities:
- Responsible for planning and execution of risk-based internal audits across various business processes and enabling functions
- Responsible for ensuring adequate coverage of audits based on the criticality of the business process and the existing risk governance framework
- Responsible for identification of right set of individuals for performing audits as per their skill set to meet the requirements of the planned audit calendar
- Responsible for preparation, review and periodic revision of audit checklists, audit methodology, sampling guidelines
- Provide guidance and assistance to the team on performing objective and evidence-based audits
- Responsible for ensuring professional audit work is performed by the team and self in conducting reviews of assigned organizational activities to provide objective assessment of internal controls and operational performance
- Responsible for driving closure of audit identified issues and mitigation of risks on a timely basis
- Responsible for conducting analysis of audit issues, identification of trends, patterns and designing of policies and processes to ensure audit issues are not repeated
- Responsible for liaison with external audit firms for ongoing certification assessments and new certification projects
- Responsible for handling end-to-end activities for certifications/attestations to various standards such as ISO 27001, SSAE16, PCI-DSS
- Responsible for providing guidance to internal departments and performing audit activities in the areas of ethical hacking, penetration testing, cloud security and application security testing
- Participate in reviews of internal controls and security of systems under development as well as major IT projects and initiatives
- Review all system-related information security plans throughout the organization's network to ensure alignment between security and privacy practices, and act as a liaison to the information systems department
- Facilitate the development, implementation, communication and enforcement of privacy policies throughout the system
- Support conformity with the privacy and security policies and procedures as part of the performance evaluation process for all employees and the privileging process for credentialed providers
- Perform IT & IS vendor evaluations to ensure all new vendors meet the security requirements
- Responsible for reviewing the client and organization IT connectivity in the transition stage to ensure all security requirements are built
- Responsible for managing trainings for educating stakeholders on compliance aspects related to HIPAA, Data Security and Privacy
- Responsible for investigating security incidents and preparing investigation reports for internal and external stakeholders
Functional Competencies (Qualification & Relevant Experience):
- Overall 8+ years of experience
- Lead Auditor for ISO 27001/ISO 9001/PCI-DSS Implementer, CISA/CISSP Certification
- Risk Management certification (CRMA/RMI-PMP/RIMS-CRMP)
- Project Management certification (PMP)
- Experience and knowledge of US regulations, data privacy, information security controls and risk management methodology
- Experienced in report writing
- Experienced in performing analysis and creating dashboards/presentations
Behavioural Competencies:
- Vigilance
- Technical Aptitude
- Quality Orientation
- Result focused
- Risk Management
- Conceptual Thinking
- Delegation
Jasleen