Information Security Auditor - Banking Sector

Job Details : (Banking sector experience mandatory)

Certifications:- CISA, CAIIB, ISO27001:2013LA, ITIL

Good understanding :-Various IT Governance frameworks viz COBIT/COSO/ISO/ITIL

Working knowledge :- Information Security assessment tools like Nessus, Berp Suite, Nipper, Kali Linux

- Understand the IS environment to determine the size and complexity of the systems/applications and the extent of dependence on information systems .

- Delivers on time high quality audit reports, audit issue validation and (where appropriate, branch reviews, as well as business monitoring and governance committee reporting.

- Produce audit assurance opinion in the form of audit reports to communicate audit findings and conclusions.

- Directs complex audit activities for a component of a product line or function, or theme including a portion of the audit annual plan.

- Executes annual IT Audit Plan, for the Bank in accordance with Internal Audit standards, relevant regulations and Bank policies.

- Analyses audit findings; recommends appropriate interventions where needed. Proposes creative and pragmatic solutions for risk and control problems. Partners with business units to develop approaches for addressing broader corporate emerging issues.

- Applies an in-depth understanding of the inter-relationships of business and support units throughout the Bank and how they impact the overall control environment and the audit approach.

- To undertake Vulnerability Assessment of OS, DB and application manually as well as by using tools. Should be able to analyze VAPT reports.

- Theme based review (analytics) of key processes and identifying process / control gaps

- Assess Information Security compliance of Third Party service providers.

- Review the Information System Assets Identification, Classifications and perform Risk Assessment.

- Undertake reviews of internal control procedures and security for systems/applications under development and/or enhancements to current systems.

- Perform IT General control reviews for simple to complex information systems in a risk-based manner.

- Perform control reviews of applications security to include system development standards, operating procedures, system security, programming controls, communication controls, backup, change management, access management and disaster recovery, and system maintenance.

- Review of application functional controls relate to transactions, reconciliations and assess its financial and regulatory implications.

- Follows-up on audit findings to ensure that management has taken corrective action(s).