Posted By: Anurag Saxena, AM at New Era

Last Login: 23 August 2018

Job Views: 2073

Applications: 53

Recruiter Actions: 0

Posted in: IT & Systems

Job Code: 606684

Manager/Senior Manager - Information Security Audit/IT Audit - Online Payment Firm

5 - 12 Years, Delhi NCR
Posted 5 years ago

- To carry out IS Audit planning using the Risk Based Audit Approach. The approach would involve aspects like IT risk assessment methodology, defining the IS Audit Universe, scoping and planning the audit, execution and follow up activities.

- To ensure the IS Audit Plan (either separately or as part of the overall internal audit plan) is a formal document, duly approved by the Audit Committee initially and during any subsequent major changes. The Audit Plan is to be prepared in compliance with appropriate external regulatory/legal requirements, in addition to well-known IS Auditing Standards.

- Would be responsible for follow up and closure on ATR

- To implement the IS Audit policy/charter, subject to an annual review/approval to ensure its continued relevance and effectiveness.

- To build the IS Audit Universe around various IT people and processes like application systems, information or data, infrastructure (technology and facilities like hardware, operating systems, database management systems, networking, etc., and the environment that houses and supports them that enable the processing of the applications) and people (internal or outsourced personnel required to plan, organize, acquire, implement, support, monitor and evaluate the information systems and services).

- To finalize annual IS Audit Plan and strategy which is prepared based on the scoping document and risk assessment.

- To report on the status of planned versus actual IS audits, and any changes to the annual IS audit plan (to be presented periodically to the Audit Committee and Senior management)

- To cover IT governance, information security governance related aspects, critical IT general controls like data center controls and processes and critical business applications/systems having financial/compliance implications including MIS and regulatory reporting systems and customer access points (like delivery channels)

- To establish a quality assurance process (e.g., interviews, customer satisfaction surveys, assignment performance surveys etc.) to understand the auditee's needs and expectations relevant to the IS audit function.

- To include pre and post implementation application control audits and data migration audits with regard to critical systems.

- To consider Fraud Vulnerability assessments undertaken by the Fraud Risk Management group, while identifying fraud risk factors as part of IT risk assessment and audit process.

- To consider tools and techniques that help support the audit procedures to increase the efficiency and effectiveness of the audit.

- To include branches, in critical areas like password controls, control of user ids, operating system security, anti-malware controls, maker-checker controls, segregation of duties, rotation of personnel, physical security, review of exception reports/audit trails, BCP policy and testing etc. (as applicable)

- To enhance utilization of CAATs

- To include Services provided by a third party when those services, and the controls within them, form part of the bank's information systems. These need to be adequately assessed as part of the IS Audit process.

Demonstrate (Key competencies)

- To possess the relevant knowledge of Information Systems, IS Controls and leading audit practices

- To have relevant competencies to understand the ultimate impact of deficiencies identified in IT Internal Control framework as part of IS audits.

- To act independently of the bank's management.

- To be professionally competent, having the skills, knowledge, training and relevant experience to conduct an audit.

- To be able to exercise due professional care, which includes following professional auditing standards in conducting the audit.

- To be reasonably conversant with various fraud risk factors and should assess the risk of occurrence of irregularities connected with the area under IS audit.

Educational Level: Master's Degree in Business, Finance, Accounting or any relevant professional qualification. CISA or DISA certified.

Working Experience: 5+ years of work experience in Information Security auditing in a large to mid-size organization. Banking experience preferred.
