'%3e%3cpath d='M15.3069 13.1535H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 8.15347H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 3.30693H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath id='clip0_126_10407'%3e%3crect width='16' height='16' fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
IT Risk & Assurance Senior - IT General Control
Gurgaon/Gurugram Job location- Gurgaon
JOB DESCRIPTION :
As IT Risk and Assurance Senior, you'll contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. Similarly, you'll anticipate and identify risks within engagements and share any issues with senior members of the team. As an influential member of the team, you'll help to create a positive learning culture, coach and counsel junior team members and help them to develop.
Client responsibilities :
- Participate in IT Risk and Assurance engagements
- Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress
- Help prepare reports and schedules that will be delivered to clients and other parties
- Develop and maintain productive working relationships with client personnel
- Build strong internal relationships within Ernst & Young Advisory Services and with other services across the organization
- Obtain and review evidence of compliance for adherence to standards
- Obtain evidence and perform SOD analysis
- Collaboration with other Compliance Analysts to identify overlaps with complementary compliance frameworks
- Key domains of compliance controls, including change management, access to systems, networks and data, computer operations and systems development.
- Driving necessary system and process updates across key domains of compliance
- Management of IT security and IT risk (e.g., data systems, network and applications) across the enterprise.
- Assist with the development of policies, procedures and standards that meet existing and newly developed policy and regulatory requirements
- Assist with facilitating IT security/risk training curriculum.
- Work closely with cross-functional teams and develop strong relationships as project lead within IT security and GRC projects.
- Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise
People responsibilities :
- Conduct performance reviews and contribute to performance feedback for staff
- Contribute to people-related initiatives including recruiting and retaining IT Risk and Assurance professionals
- Maintain an educational program to continually develop personal skills of staff
- Understand and follow workplace policies and procedures
Education Qualification and Experience:
- Preferably B.E/B.Tech (CS/ IT, Electronics, Electronics & Telecommunications,)/MBA/M.Sc. with at least 3-6 years of experience
Mandatory knowledge of the below areas:
- Experience in evaluation of sensitive access and SOD based on business risks/ industry best practice risks for multiple ERPs.
- Experience in creation of SOD rulebooks based on the client business processes and applications
- Experience in role redesign based on the violations identified during the SOD tests.
- Application controls and security experience
- Security modelling
- Process systems and integrity, including risks and controls within business processes (manual, automated, security)
Additional knowledge in any of the below areas is an add-on:
a) IT assurance and compliance
b) Knowledge of SAP Audit practices
c) Knowledge of compliances like SOX, HIPAA, PCI-DSS
d) IT Governance and risk:
- Control frameworks such as COSO
- Enterprise risk services with a specific focus on IT, and related industry standards
- IT risk management framework
- Common IT governance and control industry frameworks, including COBIT, RiskIT, ValIT, IT
- Governance Institute and ISACA good practices
- IT industry frameworks such as ITIL and CMM
e) Project risk:
- Robust understanding of program and project management practices
- Familiarity with a typical IT systems development life cycle
- Experience in developing technical skills specific to a solution, e.g., SAP, Oracle, CRM
- Proven business process/analysis skills
f) A broad appreciation of business processes, data structures, IT applications and infrastructure, IT processes, and governance and internal control principles.
g) Depending upon your specific area(s) of focus, you'll have additional skills and knowledge in:
- IT audit in the context of a financial audit, and related regulations, auditing standards and guidelines
- Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX
- Internal audit services with a specific focus on IT, and related industry standards
- Common IT governance, control and assurance industry frameworks, including COBIT, RiskIT, ValIT, IT Governance Institute and ISACA good practices
- IT industry frameworks such as ITIL and CMM
- Third party reporting standards (particularly SSAE16), other reporting and industry specific standards and, if applicable, trust based standards such as SysTrust and WebTrust
h) Infrastructure
- Technically enabled IT /business transformation, program and project delivery, design, architecture and solution design, information management, implementation, operations, and management of IT infrastructure
- Information systems security assessment, design, architecture, implementation management and reporting
- Strong technical or security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems
- Familiarity with IT analysis, delivery and operations methods, including SDLC and CMM
- Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT
- Experience of security testing methods and techniques including network, operating and application system configuration review and internal/external penetration testing
- An understanding of web-based application vulnerabilities, and experience in application security review and testing
- Experience of manual attack and penetration testing above and beyond the running of automated tools
- Experience in developing custom scripts or programs (used for port scanning and vulnerability identification)
i) Project Management
Project management and program management office (PMO) experience
Project assurance/advisory services experience:
- system selections
- Targeted assessments
- Pre and post-implementation reviews
- Basic programming compliant with ACL, DB and Microsoft Office skills/experience, e.g., Excel
Didn’t find the job appropriate? Report this Job
'%3e %3cpath d='M24 48C37.2548 48 48 37.2548 48 24C48 10.7452 37.2548 0 24 0C10.7452 0 0 10.7452 0 24C0 37.2548 10.7452 48 24 48Z' fill='%23333333' fill-opacity='0.8'/%3e %3cpath fill-rule='evenodd' clip-rule='evenodd' d='M22.5299 19.0115V19.5849V29.0154V31.5316C22.5299 32.3403 23.1967 33 24.004 33C24.8114 33 25.4784 32.3358 25.4784 31.5316V29.0154V19.5849V19.013L29.4885 23.0077C30.0627 23.5795 31.0044 23.5743 31.5733 23.0077C32.1421 22.441 32.1423 21.4975 31.5735 20.9308L30.1054 19.4684C30.0891 19.4504 30.0724 19.4329 30.0551 19.4156L25.0837 14.4634L25.0479 14.4264C24.9234 14.3024 24.7807 14.2055 24.6281 14.1358L24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946C24.0039 13.8983 23.3839 14.0068 22.9622 14.4268L22.9533 14.436L21.4743 15.9093C21.4615 15.9211 21.449 15.933 21.4367 15.9452L16.4286 20.934C15.8598 21.5008 15.8545 22.4389 16.4286 23.0108C17.0027 23.5826 17.9394 23.5827 18.5135 23.0109L20.0019 21.5283C20.0147 21.5164 20.0274 21.5043 20.0399 21.492L22.5299 19.0115ZM24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946L24.5952 14.1212Z' fill='white'/%3e %3c/g%3e %3cdefs%3e %3cclipPath id='clip0_99_1825'%3e %3crect width='48' height='48' fill='white'/%3e %3c/clipPath%3e %3c/defs%3e%3c/svg%3e "Scroll Up"){kind=small}