'%3e%3cpath d='M15.3069 13.1535H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 8.15347H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 3.30693H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath id='clip0_126_10407'%3e%3crect width='16' height='16' fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
IT Compliance & Audit Delivery Role - Information Security
Pune- As a Compliance and Audit Associate you will work under the supervision of the Compliance and Audit Manager and report to appropriate local office management personnel. You will:
- Execute IT audit projects designed to provide assessment of internal control processes in accordance with COMPANYs IT policies, data security and privacy practices and legally binding contractual obligations and commitments to its clients.
- Perform IT risk assessments and third party cloud vendor security and privacy risk assessments.
- Execute detailed plans for performing individual audits in accordance with the COMPANY IT audit program.
- Prepare audit work papers and reports documenting the results of reviews of assigned activities and recommended management action.
- Participate in the planning and coordination of all audits of COMPANYs data security and privacy environment by COMPANYs clients.
- Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry IT trends to identify potential issues and risks.
- Participate in reviews of internal controls and security of systems under development as needed.
- With assistance from senior personnel, liaise with internal and external stakeholders to ensure IT compliance related documentation is kept up to date with COMPANYs compliance requirements, obligations and commitments, as needs evolve.
- Liaise with appropriate stakeholders including IT, Legal, HR, Finance and others, as needed, to ensure that compliance requirements are incorporated into COMPANY configured compliance workflow management tools.
- Assist with monitoring of ongoing organizational compliance with IT change management, logical and physical access, IT operations and other control procedures, as deemed necessary by management from time to time. Actively maintain findings and remediation recommendation registers. Track remediation activities to completion.
- Assist with the documentation of IT policies and procedures (e.g. IT change management, logical and physical access processes, data backups and restoration, disaster recovery processes).
- Assist with responding to client-driven RFPs, RFIs, and external security and privacy audits and questionnaires, as requested by management.
- Assist in the development of appropriate IT compliance training material and conduct training of impacted stakeholders, as needed.
- Assist with other IT audit and compliance related initiatives and special projects as assigned from time to time.
What are we looking for?
A successful Compliance and Audit Associate possess the following characteristics:
- BS/BA in computer science or related field with record of high academic achievement. Management Information Systems (MIS) degree or specialization highly preferred.
- Corporate or consulting firm IT audit/assurance engagement experience required. Big 4 IT assurance/public accounting firm experience, while not required, is strongly preferred.
- Certified or eagerness to become certified in one of the following IT audit related certifications while working at COMPANY (e.g. CISA, CISSP, CRISC, ISO27001 Lead Auditor).
- At least 1 year of hands on experience performing IT audits end to end including the documentation of audit plans, audit test scripts, audit narratives, test results, findings and remediation recommendation listings.
- At least 2 years of experience participating in IT audit engagement lifecycles (e.g. US SOX, US SOC1 & SOC2 audits) with some senior personnel oversight. Lifecycle includes the planning, execution, communication, and reporting phases of an audit engagement.
- Experience maintaining risk and control registers, audit plans, findings and remediation recommendation registers.
- Experience documenting IT policies and procedures (e.g. IT change management, logical and physical access, data backups and restoration processes).
- Excellent communication and organizational skills preferably with international exposure.
- Excellent command over the English language, verbal and written; experience writing IT audit narratives and reports required.
- Demonstrated ability to work independently and as part of a team of IT audit professional peers strongly preferred
- Ability and willingness to work hours which overlap with US time zones (e.g. US Central Time zone)
- Ability and willingness to travel to the US and other COMPANY offices, if needed, to assist with compliance and audit engagements, on a periodic basis.
Technical expectations include proficiencies in the following:
- Basic working knowledge of web based applications, operating systems and databases including Windows Active Directory, Linux, Microsoft SQL and Oracle.
- Proficient in MS Office productivity suite (e.g. Word, Excel, PowerPoint, Access, SharePoint)
- Basic working knowledge of various control frameworks including:
- COBIT Control Objectives for Information and Related Technology
- ISO/IEC 27001:2013 Code of Practice for Information Security Management
- NIST SP 800-53
- HIPAA/HITECH Security and Privacy Audit Protocol
Basic working knowledge of various laws directly or indirectly impacting data security and privacy requirements worldwide including:
- US SOX Sarbanes Oxley Act
- US HIPAA/HITECH Act
- EU GDPR General Data Protection Regulation
- US EU Privacy Shield
- India IT Act (data privacy provisions)
- India Companies Act
Didn’t find the job appropriate? Report this Job
'%3e %3cpath d='M24 48C37.2548 48 48 37.2548 48 24C48 10.7452 37.2548 0 24 0C10.7452 0 0 10.7452 0 24C0 37.2548 10.7452 48 24 48Z' fill='%23333333' fill-opacity='0.8'/%3e %3cpath fill-rule='evenodd' clip-rule='evenodd' d='M22.5299 19.0115V19.5849V29.0154V31.5316C22.5299 32.3403 23.1967 33 24.004 33C24.8114 33 25.4784 32.3358 25.4784 31.5316V29.0154V19.5849V19.013L29.4885 23.0077C30.0627 23.5795 31.0044 23.5743 31.5733 23.0077C32.1421 22.441 32.1423 21.4975 31.5735 20.9308L30.1054 19.4684C30.0891 19.4504 30.0724 19.4329 30.0551 19.4156L25.0837 14.4634L25.0479 14.4264C24.9234 14.3024 24.7807 14.2055 24.6281 14.1358L24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946C24.0039 13.8983 23.3839 14.0068 22.9622 14.4268L22.9533 14.436L21.4743 15.9093C21.4615 15.9211 21.449 15.933 21.4367 15.9452L16.4286 20.934C15.8598 21.5008 15.8545 22.4389 16.4286 23.0108C17.0027 23.5826 17.9394 23.5827 18.5135 23.0109L20.0019 21.5283C20.0147 21.5164 20.0274 21.5043 20.0399 21.492L22.5299 19.0115ZM24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946L24.5952 14.1212Z' fill='white'/%3e %3c/g%3e %3cdefs%3e %3cclipPath id='clip0_99_1825'%3e %3crect width='48' height='48' fill='white'/%3e %3c/clipPath%3e %3c/defs%3e%3c/svg%3e "Scroll Up"){kind=small}