Consultant at Michael Page
IT/Information Security Audit Role - Bank (4-8 yrs)
- To carry out Information System (IS) Audit planning using the Risk Based Audit Approach. The approach would involve aspects like IT risk assessment methodology, defining the IS Audit Universe, scoping and planning the audit, execution and follow-up activities.
- To implement IS Audit policy/charter which would be subjected to an annual review/approval to ensure its continued relevance and effectiveness.
- To prepare the annual IS Audit Plan and strategy (based on the scoping document, risk assessment, in compliance with appropriate external regulatory/legal requirements and well-known IS Auditing Standards) for being put before the Audit Committee for approval.
- Handle independent execution of IS audits and IT Application audits within the bank, and IT/IS Audit reviews of services provided by a third party, covering the controls within them that form part of the bank's information systems.
- Would be responsible for follow-up and closure on the ATR (Audit Tracking Report).
- To report on the status of planned versus actual IS audits, and any changes to the IS audit plan (to be presented periodically to the Audit Committee and Senior management).
- To establish a quality assurance process (e.g., interviews, customer satisfaction surveys, assignment performance surveys etc.) to understand the auditee's needs and expectations relevant to the IS audit function.
- Demonstrate leadership while conducting and supervising the audits to ensure efficient and high quality delivery within the agreed timeframes.
- To promote and enhance utilization of CAATs to increase the efficiency and effectiveness of the audit.
- Assist in initiatives taken by Internal Audit and special projects.
- Understanding of the IS Audit Universe to ensure holistic coverage for the IS audits across: Application Systems; Information or data; Infrastructure (technology and facilities like hardware, operating systems, database management systems, networking, etc., and the environment that houses and supports them that enable the processing of the applications); and People (internal or outsourced personnel required to plan, organize, acquire, implement, support, monitor and evaluate the information systems and services).
- Understanding of audit and risk aspects related to domains such as IT Governance, IT Operations, IT Outsourcing, Application Control & Security, Pre and post implementation application control audits and data migration audits with regard to critical systems, Change Management, Logical Access, BCP/ DR, Data centre controls, Vendor IS Audit.
- Understand the guidelines and regulations applicable in the banking environment to be considered as the part of IS audit.
- To possess the relevant knowledge of Information Systems, IS Controls and leading audit practices.
- To have relevant competencies to understand the ultimate impact of deficiencies identified in IT Internal Control framework as part of IS audits.
- To be reasonably conversant with various fraud risk factors and should assess the risk of occurrence of irregularities connected with the area under IS audit.
- He or she is to act independently of the bank's management.
- To be able to exercise due professional care, which includes following professional auditing standards in conducting the audit.
- To be professionally competent, having the skills, knowledge, training and relevant experience to conduct audits.