IT Auditor - BFSI

- The incumbent would be responsible for the IT audit function for the organization which includes planning and delivery of IT audits. Plan and perform complex operational audits, reviews for entire IT landscape (IT, Info Security, Business application), IT General Controls and compliance audit ensuring adherence to compliance with the regulatory mandate

- Conduct third party security risk reviews [vendor / supplier risk review / assessment]

- Ensure major risks are highlighted through quarterly audit reports to the senior management, audit committee and board of directors.

- Review the Information security compliance management in accordance to applicable standards and regulatory requirements

- Application security review (web & Mobile), hardening & configuration review, Vulnerability assessment and Penetration testing etc

- Performing internal control review, managing ISO 27001 and other security reviews inline to applicable standards and frameworks

- Assess business contracts, SA, MSAs, SoW for security obligations and / or information risk

- Review the Information Security governance controls (policy, procedure, guidelines, SOPs)

- Identify, monitor and review the risk associated with IT DR (disaster recovery) and Business continuity capability

- Review the monitoring & governing controls pertaining to technical security posture of servers (web, applications, file), storage, database, endpoint devices management (MDM), data centre operations through continuous audit and control framework

- Review compliance with mandates set by regulators (RBI - NBFC, SEBI, NHB, NIST etc)

- Performing design effectiveness (DE) & operating effectiveness (OE) testing as per defined testing approach