IT Auditor - Governance/Risk/Compliance

About the role:

Assistant Manager IT, GRC is responsible for planning, executing and reporting on Information Technology Audits, Tech Infrastructure Audits, IT Security/ Vulnerability/ Risk Assessments reviews, Data Privacy and Cybersecurity. Maintenance and periodic testing of automated controls in SAP and other in-house applications. Will also be responsible to maintain and review IT governance and Technology risks and corresponding.

Here's what you will do day to day:

- Executing IT, compliance and regulatory reviews/ audits;

- Conduct Infrastructure Audit, IT Security, Risk Assessment, Network Design, Web Applications Security and Source Code review;

- Conduct vulnerability assessment of System and cloud / physical infrastructure including penetration testing of networks and web applications using third party/ open source tools;

- Perform manual penetration testing of systems, web sites and networks to discover vulnerabilities;

- Establish policies and procedures for the design, installation and commissioning of the systems infrastructure;

- Perform ITGCs, and test of control in support of financial audit;

- Communicating to appropriate audience the audit scope, protocol, status, issues, risks and recommendations via written reports and presentation;

- Audit wide range of areas, including IT General Controls, IT Strategy, Change Management, Project Management, Cyber, Digital, Business Continuity & IT Disaster Recovery, Data Projection, and IT Infrastructure & Asset Management, etc.;

- Perform technical reviews of databases (including Oracle, AS400, SQL etc.) and other infrastructure components for example web server security/ firewalls/ networks/ encryption/ TCP/IP/ windows etc.;

- Perform data analytics to review processes, transactions and financial data;

- Tracking, compiling and reporting KPIs;

- Performing special projects, investigations, and other duties as assigned

Here's what we're looking for:

Education / Qualification :

- BE, CA, B Tech, ACCA (Required), MBA (desirable).

- Certifications (desirable) - CISA, CISSP, CSX, PMP, ITIL, CEH, COBIT, ISO 27001 LA.

- 3-5 years of relevant experience

Experience:

- Experience of using data analytics & other CAATs (Computer-aided audit tools) to support internal and/or external audits;

- Experience of preparing and delivering internal and/or external presentations

- Has undertaken internal and/or external audit reviews of ERPs (including SAP and inhouse applications, G-suit applications etc.);

- Experience of working with large corporate entities from technology or e-commerce sector;

- Proficient in data analytics tools;

- Familiar with using good practice frameworks and regulatory standards, including COBIT, ISO 27001, GDPR/DPA 98, SOX404, Cyber Essentials, and Agile;

- Experience on Data privacy and Business Continuity would be an added advantage;

- Ability to communicate technical risk issues effectively, to stakeholders who may, at times, have a non- technical background;

- Demonstrate ability to evaluate, synthesize, organize and interpret data and information;

- Strong interpersonal, project management, analytical and supervisory;

- Excellent written and oral communication skills;

- Ability to work in a dynamic work environment;

- Ability to manage multiple projects & priorities simultaneously and be comfortable with ambiguity/ chaos.