TransUnion CIBIL - Internal Auditor

- The Internal Audit and Advisory team is an independent and objective assurance function, performing consulting activity to add value to improve the operations of TU.

- IAA assists the organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization's risk management, control, and governance processes.

- IAA collaborates with Business Unit and Functional leadership and their Associates in developing strong, professional and independent relationships to ensure a comprehensive understanding of the business to enable value added recommendations that improve efficiency and effectiveness.

- In addition, the group also maintains a strong collaboration with the company's external auditor to perform management's SOX testing activities in an efficient manner.

- As a Specialist IV, you will have the opportunity to learn about the systems, products, strategies, and people at TransUnion in relation to how the internal control framework operates over financial reporting processes.

- The Specialist IV supports the audit cycle in performing audit engagements throughout the organization by participating on an audit team or individually under the direction of Internal Audit & Advisory Department management.

- A Specialist IV is responsible for leading the preliminary planning, audit execution, and reporting on all audit engagements. In addition, the Specialist IV works with the management (IT, Finance process owners and IAA) in developing risk mitigation strategies and promoting compliance with policies, standard operating procedures, and best practices.

Roles & Responsibilities:-

Assist in developing risk based annual audit plans:

- Coordinate with process owners to initiate, scope, plan, and conduct periodic controls assessments to identify areas of risk by evaluating the design and operating effectiveness of Information Technology General Controls (ITGC) over applications, operating systems, and databases as well as the network infrastructure including cybersecurity controls

- Lead audit planning, fieldwork (testing and documentation), and reporting

- Lead engagements and communicate issues to process owners, ensuring their understanding of associated risks and the actions needed to remediate those risks.

- Document the results of audit procedures performed that support the conclusions reached.

- Under the supervision of IAA management, communicate preliminary results to management and obtains validation

- Prepare audit reports based on the adequacy and effectiveness of controls evaluated.

- Track and Monitors open audit issues and conducts post-audit follow-up to evaluate the adequacy of remediation efforts

- Prepares other ad-hoc reports and assists in special projects as required or requested by supervisor

- Communicate with external auditors and support their initiatives effectively from an IT audit standpoint.

- Research security trends, threats, and prevention technologies.

- Participate in departmental initiatives, administrative matters, and special projects.

- Establish strong working relationships with various teams across the organization and work cohesively with IAA teammates

- Lead SOX and ICoFR audit planning, fieldwork (testing and documentation), and reporting

- Interact with the Company's external auditors and provide assistance as needed during the SOX control testing processes, including attending walkthrough meetings and performing testing on their behalf

- Aware about IT Controls and related compliances applicable to TransUnion CIBIL

- Evaluate compliance with Company policies and procedures and regulatory standards

- Build collaborative working relationships with internal stakeholders (appropriate levels of management)

- Work closely with process owners/control owners and cross-functional teams (US and International) to provide ongoing SOX support and ensure controls are designed and implemented effectively

- Performs other related duties as assigned

- Possess excellent time management skills; plan workload appropriately and demonstrate the ability to manage multiple assessments simultaneously

- Confidently lead meetings to discuss audit issues with finance management, ensuring their understanding of associated risks, root causes, and the actions needed to remediate

- Operate autonomously and manage tasks at hand without manager intervention

- Take ownership of the assigned tasks and interact with other IAA members in working towards Departmental goals

Experience & Skills :-

- 7 - 10 years of experience in an IT Audit, Assessment, or Information Security role.

- Bachelor's degree in computer science, management information systems or related field. CISA certification is must

- Certification of CA, CPA or CIA (or actively working towards) or other similar certifications would be an added advantage

- Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of Information Security areas/domains. These include governance & risk management, access control, cybersecurity, physical security, security architecture and design, business continuity/disaster recovery, network security, application & operations security and compliance/incident management.

- Demonstrated ability to understand complex technologies, business processes, regulations and emerging risks.

- Strong understanding of SOX legislation and IT frameworks including COSO and COBIT.

- Strong technical and/or IT audit background with practical knowledge of a wide variety of technologies including server infrastructure & operating systems, network & web infrastructures, database architecture, vulnerability assessment and intrusion detection/prevention systems.

- Self-starter with the ability to manage and prioritize responsibilities.

- Team player with proven skills in influencing people without having direct management authority.

- Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.

- Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person.

- Strong risk analysis and problem solving skills.

- Must be flexible to ensure assessments are performed timely and manage multiple assessments simultaneously.