IT Audit Role - BFS

Roles & Responsibilities:

- Assist in developing risk based annual audit plans

- Coordinate with process owners to initiate, scope, plan, and conduct periodic controls assessments to identify areas of risk by evaluating the design and operating effectiveness of Information Technology General Controls (ITGC) over applications, operating systems, and databases as well as the network infrastructure including cybersecurity controls

- Lead audit planning, fieldwork (testing and documentation), and reporting

- Lead engagements and communicate issues to process owners, ensuring their understanding of associated risks and the actions needed to remediate those risks.

- Document the results of audit procedures performed that support the conclusions reached.

- Under the supervision of IAA management, communicate preliminary results to management and obtains validation

- Prepare audit reports based on the adequacy and effectiveness of controls evaluated.

- Track and Monitors open audit issues and conducts post-audit follow-up to evaluate the adequacy of remediation efforts

- Prepares other ad-hoc reports and assists in special projects as required or requested by supervisor

- Communicate with external auditors and support their initiatives effectively from an IT audit standpoint.

- Research security trends, threats, and prevention technologies.

- Participate in departmental initiatives, administrative matters, and special projects.

- Establish strong working relationships with various teams across the organization and work cohesively with IAA teammates

- Lead SOX and ICoFR audit planning, fieldwork (testing and documentation), and reporting

- Interact with the Company's external auditors and provide assistance as needed during the SOX control testing processes, including attending walkthrough meetings and performing testing on their behalf

- Aware about IT Controls and related compliances applicable to TransUnion CIBIL

- Evaluate compliance with Company policies and procedures and regulatory standards

- Build collaborative working relationships with internal stakeholders (appropriate levels of management)

- Work closely with process owners/control owners and cross-functional teams (US and International) to provide ongoing SOX support and ensure controls are designed and implemented effectively

- Performs other related duties as assigned

- Possess excellent time management skills; plan workload appropriately and demonstrate the ability to manage multiple assessments simultaneously

- Confidently lead meetings to discuss audit issues with finance management, ensuring their understanding of associated risks, root causes, and the actions needed to remediate

- Operate autonomously and manage tasks at hand without manager intervention

- Take ownership of the assigned tasks and interact with other IAA members in working towards Departmental goals

Experience and Skills:

- 7 - 10 years of experience in an IT Audit, Assessment, or Information Security role.

- Bachelor's degree in computer science, management information systems or related field. CISA certification is must

- Certification of CA, CPA or CIA (or actively working towards) or other similar certifications would be an added advantage

- Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of Information Security areas/domains. These include governance & risk management, access control, cybersecurity, physical security, security architecture and design, business continuity/disaster recovery, network security, application & operations security and compliance/incident management.

- Demonstrated ability to understand complex technologies, business processes, regulations and emerging risks.

- Strong understanding of SOX legislation and IT frameworks including COSO and COBIT.

- Strong technical and/or IT audit background with practical knowledge of a wide variety of technologies including server infrastructure & operating systems, network & web infrastructures, database architecture, vulnerability assessment and intrusion detection/prevention systems.

- Self-starter with the ability to manage and prioritize responsibilities.

- Team player with proven skills in influencing people without having direct management authority.

- Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.

- Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person.

- Strong risk analysis and problem solving skills.

- Must be flexible to ensure assessments are performed timely and manage multiple assessments simultaneously.