Senior Auditor

Auditor/Senior Auditor – Cyber Security

Reporting Structure:

• Reports to Lead Auditor/Senior Manager

Education:

• Graduate in Computer Science/IT or B.E / B. Tech or BCA / MCA

Certifications:

• CISA / CISM / CISSP / CEH / CRISC

• ISO 27001 Lead Auditor/Lead Implementer

• Additionally, below domain-specific certifications may be preferred.

Application & API Security:

§ MCSD

§ Certification in Mobile application security testing

§ Java certifications

§ Certifications in API security

Database Security:

§ MCDBA

§ Oracle database

§ Certification in big data / analytics

Network Security:

§ CCNA.

§ Certified Firewall administrator

Payments Security:

§ Relevant certifications into ATM security, Cards / Payments security

Cloud Security:

§ CCSK/CCSP

Artificial Intelligence

Any Online courses on AI security

• Experience (years):

• 2 - 6 years of experience (upto 8 yrs.) in the field of information security operations, Information System Audits encompassing experience into any of the Banking Technologies Domains – Application Security, Database management and administration, / Network security and SOC / Payment systems in addition to IT General controls (ITGC).

• Exposure to the Banking / Finance / Payment industry domains would be preferrable.

• Hands-on experience in the following areas:

oWriting Information security policies, procedures, and processes

oConducting risk assessment covering Cyber Security domains as noted below:

Application Security:

§Mobile application assessment, OWASP security practices for applications, VA/PT/AppSec, source-code review, black/grey/white box testing, application SDLC, Strong knowledge of programming languages for applications.

Database Security:

§Database administration and management - Oracle, MS SQL etc., Database Activity Monitoring tools, data security and localization.

Payments Systems Security:

§Understand payment systems and architecture such as SWIFT, UPI, IMPS, ATM, Internet Banking, Mobile Banking, Core Banking System, payment gateway, ATM switch and terminal.

§Experience in PCI DSS implementation/assessment and ATM end-point security and Cards data security and operations.

Networks Security:

§Managing firewalls, routers, proxy, WAF, email filtering, DLP, DDoS protection, data encryption, IPS/IDS, Incident response and investigate security breaches, VA-PT for networks.

§Security Operations Centre- Implementation and review.

IT General Controls:

§Familiarity with Technical Security controls of Identity & Access Management, Network, Server, Application, Change management, Backup and Restoration etc. and process controls reviews.

§Understand BCP and DR processes and architecture.

• Experience in conducting reviews based on ISO standards and regulatory guidelines in banking sector for a medium to large sized organization would be preferred.

• Experience in conducting Information System Audits

• Must have experience in preparing quality deliverables such as audit reports, presentations etc.

• Excellent written, oral communication and presentation skills

• Excellent organizational and interpersonal skills

• Ability to work independently or as part of a team

Please note : While multi-domain expertise and certifications are preferred, the candidate is required to have specialization in at least one of the technical areas mentioned above.

Industry:

Information technology / Banking and Financial services / Auditing / Cyber Security consulting

Responsibilities

• Candidate will have to travel extensively within Mumbai and across the country for performing audits, as per RBI requirements.

• Conducting audit of Information security policies, procedures, and processes to identify process/design gaps.

• Conduct audits of information security systems and infrastructure to verify systems are secure and support the related applications/business processes.

• Conducts audits in different banking technology domains such as Active Directory, WAF, Network access security, End-point security, Application VA/PT/AppSec, SDLC, Database management and security, PCI-DSS, ATM controls, Cards (Debit/Credit) security, Payment-gateway and IT General Controls etc.

• Additional weightage will be given to candidates with experience in domains such as Cloud Security, API security.

• Developing project plans, work programs, evaluating system controls, identify risks and audit gaps, documenting results in proper audit report format, making recommendations, and communicating information to stakeholders.

• Support in maintaining audit checklist and documents, trend analysis, preparing presentations etc.

• Should be a self-learner and must keep updated with the latest security guidelines issued by regulators, international standards for information security, threats and vulnerabilities researched/discovered.

• Research public domain to keep up to date knowledge on latest banking applications / technologies and emerging technologies – Cloud, Virtualisation, AI-ML, IOT etc. and ensure continuous learning in identified security competencies and new/emerging technologies.

Employment Type

• All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent