HR at Tech Mahindra
Tech Mahindra - Manager - Internal Audit & Risk (9-14 yrs)
JOB TITLE: Manager Internal Audits & Risk
DEPARTMENT: Internal Audits & Risk
REPORTS TO: Head - Internal Audits & Risk
JOB TITLE: Manager
- The purpose of this job role is to assist the HOD to implement an effective Internal Audit, Risk management, Investigations & Information security Process for the company meeting COSO, CARO & ISO 27001 standards.
- This involves planning and conducting audit engagement activities of financial & non-financial business operations and processes & systems of various departments in accordance with generally accepted auditing standards.
- This role also includes supporting the HOD in implementing and executing the Risk Management strategy for the Organisation and ensuring Compliance to Indian Laws and Acts and laws applicable in client's country like Data protection, GDPR, etc.
PRINCIPAL ACCOUNTABILITIES :
I. To efficiently undertake, manage and execute Audit engagement activities providing independent audit opinions to the business:
Audit Assignments (Planning)
- Assist HOD in identifying & planning audit & monitoring of the high risk activities that will meet IFC controls & CARO requirements alongside company's Risk environment.
- Initiating the audit with the stakeholders in accordance with the annual audit plan with the approval of HOD
- Conducting an understanding meeting for the assigned audit area to obtain a working knowledge of the nature of the activities
- Developing the assigned audit plan including scope and objectives of the audit, and audit procedures and obtaining the Internal Audit HOD's approval in a timely manner
- Ensuring the audit plan is developed to meet the Business expectations and is based on high risk, and compliance with statutory audit requirements
- Planning audit testing strategy and estimating the time for completion of the audit in coordination with the Audit HOD
Implementing Audit Activities :
- Create and manage the entire compliance framework - all applicable regulations including requirements like DPA, PCI DSS, etc. and local regulatory, BPO industry requirements from bodies like NASSCOM.
- Performing regulatory, operational and process audits of the company's business units to ensure adherence and compliance to the organization's corporate policies, SLAs agreed with client and statutory requirements.
- Execute key audits as well as review the execution of team members.
- Carrying out tests, evaluating the results and drawing conclusions based on test findings to discuss scope of improvement with process owners and obtaining the Internal Audit HOD's approval.
- Executing an efficient and effective audit approach as defined by internal audit management to ensure all assigned work is completed according to schedule
- Documenting and actively participating in the development of audit procedures performed as well as preparing noted concerns for audit report inclusion
Evaluating Audit Activities :
- Performing analytical review procedures on audit activities conducted by the auditees using Excel, Oracle & other tools, as applicable
- Validating the audit conclusions with the team leader and auditee and ensuring actual accuracy
- Review audit work papers in coordination with Audit HOD to ensure compliance with professional and company standards to update management
- Drafting audit findings, recommendations and writing audit memos, soliciting inputs from the process owners and obtaining the Internal Audit HOD's approval in a timely manner
- Drafting the audit report and obtaining IA HOD's approval
Communications & Reporting :
- Reviewing the audit report for accuracy of data, language and clarity and discussing & clearing the report with the Audit HOD before submission to auditee and Senior Management
- Discussing all audit findings with the senior management, respective business verticals and ensuring factual accuracy of the audit issues
- Escalating identified audit issues with risk mitigating measures in a timely manner, as appropriate
- Ensuring and supervising effective implementation of the corrective actions
II. To efficiently assist in optimizing contact centre business efficiency and performance:
Risk Assessment & Fraud Investigation :
- Preparing the Risk Control Matrix (RCM) for the business processes and incorporating suggestions for improving efficiency
- Conducting regular risk assessments of business operations and policies as per the audit plan and gathering audit evidence through the audit team
- Facilitating the implementation of the annual risk assessment ensuring all key risks (Financial/ Legal/ Fraud) are assessed and recommending internal control improvements that may include operational enhancements or efficiencies
- Discussing management responses, action plans and timelines to ensure that the risks identified are adequately mitigated
- Reviewing and periodically testing/ monitoring controls implemented by the audit team
- Assist HOD Audit in fraud investigations and proactive fraud monitoring in financial as well as IT areas.
Information security and BCP :
- Support the management in Information Security to establish and maintain the Information Security Management System and ensuring compliance with organizational security policies and customer data security requirements.
- Support IT operations in implementing the defined security policies. Monitoring compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties, and referring problems to appropriate department managers or administrators.
- Work alongside the InfoSec service partner to drive performance and adherence to company objectives of enhancing compliance & awareness.
- Business Continuity - support/facilitate implementation of Business Continuity and DR plans to ensure continued compliance with established Business Continuity policies and procedures.
KNOWLEDGE, SKILLS & COMPETENCIES REQUIRED :
Core Competency :
- Knowledge & understanding of compliance & regulatory guidelines to drive contact centre compliances & statutory compliances
- Knowledge of generally accepted auditing standards and practices (GAAS/GAAP)/ Indian GAAP & IFRS
- Preferred knowledge of IT standards like SOC, BSSIM, ISO 27001, PCI DSS
Knowledge & Skills - examples provided below :
Business Acumen :
- Must have good knowledge & understanding of compliance & regulatory guidelines to drive contact centre compliance with all quality measures & statutory obligations including organisation's policies & guidelines
- Must have a clear idea and an understanding about the BPO process and non-negotiables in the contact centre
- Must have working knowledge of the Companies Act, Income Tax Act, Accounting Standards and Standard Audit Practices to make assessments and recommendations to organisation in terms of policy change, design and implementing new processes & systems
- Must maintain a current knowledge base of Audit industry practices and ensure best practices are considered within the company.
Customer Focus :
- Consistently place a high value on customers (internal and external) and all issues and factors that relate to customer experience/ stakeholder expectations and needs
- Ensure delivery of all promises and commitments made to the customers/stakeholders
- Should have the ability to have difficult conversations and build working relationships with stakeholders constructively.
Functional Competencies :
- Planning & Organizing
- Analytical Thinking, Evaluating & Decision Making
- Communication, Influencing, Negotiating Skills (Stakeholder Management) & Assertiveness
- Should be a self-contributor, assertive, and should have a proactive approach in all the activities.
EDUCATION & EXPERIENCE REQUIRED :
- Graduate/ Post Graduate in Accounting or Finance or related field
- Professional qualification : Chartered Accountant / Semi qualified CA/ MBA Finance
- Professional Certification: Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor, etc.
Work Experience :
- Minimum 9 years of work experience, of which at least 7 years in an Internal Audit & Risk Management function including a team management role
- Should have managed investigations, faced external client or regulatory audits and preferably have experience in the information security domain
- Experience in a BPO / ITES business
- Blend of Financial & IT audits experience