Information Security Audit Role - BFSI

Responsibilities:

- Audits of area covering all aspects i.e. IT general controls, Infrastructure, Applications, Databases, BCP etc.

- Plan, design and implement risk based audit plans to ensure safety and soundness .

- Support Business audits for coverage of Technology risks.

- Ensure completion of assigned audits and documentation of work papers on time.

- Track status of issues reported.

- Keep relevant processes benchmarked to Best Practices and peer Companies.

- Keep Audit Procedure Manual and checklists current and updated.

- Timely Updates on all new developments in the Technology area so as to provide assurance on regulatory and other control requirements.

- Simultaneously devise audit checklists for use of internal/concurrent Auditors and test

processes/procedures to foresee pitfall and bottlenecks and ensure these are audited/resolved.

- To provide suggestions for improvement to existing process / systems to line management

Essential competencies: -

- Expert knowledge of IS Audits.

- Knowledge of bank audit procedures.

- Hands on experience at operational level.

- Knowledge of other areas of banking would be an added advantage.

- Should be a clear thinker and excellent communicator

- Command over English language to ensure good quality of audit reports

- Good team player

Qualifications and relevant experience:

- B.E./B.Tech / M.Tech from a reputed institute.

- Should possess CISA/CISSP or equivalent certification

- Possess good knowledge of one or more multiple standards such as ISMS or COBIT or ITIL

- Should be familiar or have expertise on OWASP - Excellent understanding and knowledge of IS security controls and Regulatory guidelines from bodies such as the RBI.

- Experience in performing Information System audits or experience as a Information Security Officer role in a Banking or Financial sector organization would be preferred.

- Knowledge / understanding on implementation of security products & standards

- Solid network foundation and integration skills along with understanding how security mechanisms work together to provide the required level of protection

- Possess working knowledge of Firewalls, Perimeter Security, VPN, IPS/IDS technologies,

encompassing remote access devices, data encryption, wireless products, application security

- Knowledge of digital banking products will be a plus

- Possess working knowledge of hardening of various Operating Systems / Platforms.

- Knowledge of how to perform vulnerability and penetration tests, understanding of current security technologies, current weaknesses and vulnerabilities within operating systems and networking products, and an understanding of the current agreed upon best practices within the security field

- 8 to13 Yrs of post qualification experience in Financial Services / Audit Firm / IT Security Firm /InfoSec role / environment in a reputable organization.

- Impeccable integrity and risk consciousness