Team lead-IT Information System Audit

Role: Team Lead- IT- Information System Audit

Reporting to: Head Internal Audit

Job Location: Mumbai, Goregaon East

Experience: At least 8-10+ years of experience working with banks/NBFC/ Consulting / Big 4 Firm in Information System Audit-(IT-IS Audit) with CISA Certification

Mandatory Certification: Candidate must be Certified Information System Auditor (CISA- ISACA)

1)  Job Purpose:

The purpose of this role is to perform IT risk assessment and  manage execution of the Information System Audits (IS Audits) including Information Technology (IT) Infrastructure, Information Security and IT Applications Audits covering the key Information System areas (such as Cyber Security, Applications Security, Data Security, Cloud Security, Vulnerability Assessment & Penetration Testing, Network Security, Data Privacy, Data Centre, Logical and Physical Access Management, IT Infrastructure management, Database & Operating System management, Incident management, Change management, Email management and process review, End point security, IT Disaster Recovery, IT Business Process Continuity Review, IT Helpdesk management, IT Project management and Emerging Digital & Technology Risk) within Company.  The role also include adherence to internal policies and procedures as well as applicable laws and regulations.

2) Dimensions:

Other Quantitative and Important Parameters for the job: Budgets/ Volumes/No. of Products/Geography/ Markets/ Customers or any other parameter

Information System Audits (IS Audits) including Information Technology (IT) Infrastructure, Information Security and IT Applications Audits covering the key Information System areas (such as Cyber Security, Applications Security, Data Security, Cloud Security, Vulnerability Assessment & Penetration Testing, Network Security, Data Privacy, Data Centre, Logical and Physical Access Management, IT Infrastructure management, Database & Operating System management, Incident management, Change management, Email management and process review, End point security, IT Disaster Recovery, IT Business Process Continuity Review, IT Helpdesk management, IT Project management and Emerging Digital & Technology Risk).

3) Job Context & Major Challenges:

• The purpose of this role is to perform IT risk assessment and manage execution of the Information System Audits (IS Audits) including Information Technology (IT) Infrastructure, Information Security and IT Applications Audits

covering the key Information System areas (such as Cyber Security, Applications Security, Data Security, Cloud Security, Vulnerability Assessment & Penetration Testing, Network Security, Data Privacy, Data Centre, Logical and Physical Access Management, IT Infrastructure management, Database & Operating System management, Incident management, Change management, Email management and process review, End point security, IT Disaster Recovery, IT Business Process Continuity Review, IT Helpdesk management, IT Project management and Emerging Digital & Technology Risk) within ABHFL.

• The primary function of the role will be to develop and manage execution of the IS Audits Strategy and Plan for proactively conducting the Information Systems, IT Infrastructure, Information Security and IT Applications assessments across ABHFL factoring the wide spread nature of business, large scale of operations, level of digitalisation and use of technology, complexity & diversity of the various applications across the lines of business of ABHFL  and organization strategy, culture and digital maturity
• Develop processes for effective IS Audits coverage of Information System & Security risks identification, mitigation and management in ABHFL ensuring that the audit coverage is aligned with internal policies, standards, procedures; professional auditing standards as well as various applicable laws and regulations, regulatory circulars / guidelines across various regulators
• Develop strategies for identification and assessment of Information System & Security risks across ABHFL factoring the diverse lines of business of ABHFL, scale of operations and complexities of the business and current maturity level of controls
• Develop IS Audits plan based on risk assessment and the legal, regulatory framework; Ensure use of advanced integrated auditing concepts and extensive use of technology and data analysis for achievement of the audit objectives
• Plan and conduct Information System & Security risk audits  covering the various IT applications, IT infrastructure, Information systems and IT/Information Security processes including cyber security, cloud security, network security, data security, logical and physical access management, adherence to data privacy guidelines, emerging digital & technology risk in accordance with the internal Policies and Procedures, Legal and Regulatory requirements, professional Internal Audit and IS Audit Standards, and leading practices.
• Implement a continuous monitoring process for ongoing assessment of Information System & Security risks across ABHFL to ensure, timely identification and resolution of significant Information System & Security control issues; Identify and develop automated tests across ABHFL for monitoring effectiveness of controls on an ongoing basis.
• Engagement with the Business and Functional leaders across lines of business and functions, as well as Technology leaders on developing and enhancing the maturity level of the controls relating to Information System & Security risk based on the leading practices.

4) Key Result Areas:

Key Result Areas

Supporting Actions

Development of Audit Strategy and Plan

• Develop the IS Audits strategy encompassing Information Technology (IT) Infrastructure, Information Security and IT Applications Audits covering the key Information System areas (such as Cyber Security, Applications Security, Data Security, Cloud Security, Vulnerability Assessment & Penetration Testing, Network Security, Data Privacy, Data Centre, Logical and Physical Access Management, IT Infrastructure management, Database & Operating System management, Incident management, Change management, Email management and process review, End point security, IT Disaster Recovery, IT Business Process Continuity Review, IT Helpdesk management, IT Project management and Emerging Digital & Technology Risk) within ABHFL
• Develop strategies for identification and assessment of Information System & Security risks across ABHFL factoring the diverse lines of business of ABHFL, scale of operations and complexities of the business and current maturity level of controls
• Develop IS Audits plan based on risk assessment and the legal, regulatory framework; Ensure use of advanced integrated auditing concepts and extensive use of technology and data analysis for achievement of the audit objectives
• Set up and develop specialised team for conducting IS Audits and assessment of complex and specialised reviews covering key IT Infrastructure, IT Applications and Information System & Security areas (such as Cyber Security, Applications Security, Data Security, Cloud Security, Vulnerability Assessment & Penetration testing, Network Security, Data Privacy, Data Centre, Logical and Physical Access Management, IT infrastructure management, Database & Operating System management, Incident management, Change Management, Email management and process review, End point Security, IT Disaster Recovery, IT Business Process Continuity Review, IT Helpdesk management, IT Project management and Emerging Digital & Technology Risk) across the various lines of business within ABHFL.

Execution of Audit Strategy and Plan

• Conduct IT application reviews across all lines of business in ABHFL) in line with the nature and complexity of the business; Review the major Information System applications for each line of business within ABHFL; Perform application vulnerability assessment and recommend systemic improvements for mitigating the Information system & security risk and enhancing the maturity level of the controls
• Conduct IT Process review  across all lines of business in ABHFL) in line with the nature and complexity of the business; Review the major Information Technology processes for each line of business within the group; Identify the area vulnerable to risk and assess the controls in place for mitigating the Information technology risk; Recommend systemic improvements for mitigating the Information technology risk and enhancing the maturity level of the controls
• Conduct Cyber Security/ Cloud Security/ Network Security/ Information Security Audits at ABHFL; Recommend improvement areas for enhancing the efficiency of controls toward cyber security
• Conduct review of data centres and third party vendors/ business partners/ channel partners  having customer sensitive data with regards to controls in place at the third party vendors/ business partners/ channel partners in line with the defined SLAs; Assess the data privacy and data leakage risk management framework with regards to processes and controls for assessment of outsourced activities and monitoring and manging of outsourcing risk with regards to data security.
• Conduct user access review and access to information on need-to-know basis based on the role and nature of activities to be performed, nature and complexity of the business, scale and size of the business; Review the process of access to information and monitoring of data leakage prevention across ABHFL employees; Review the processes to prevent potential data leakage which may result in detailed inquiry and strict action from Cyber Crime department / other regulators.
• Conduct specialised reviews through use of extensive data analysis and advanced forensic techniques on Cyber Security, Cloud Security, emerging digital technology and other aspects relating to Information Security.
• Effective management and execution of the audit plan for proactive identification and remediation of Information System & Security risk relating to various business products, processes and units.
• Provide effective recommendations for improvements to the organization policies, processes and practices based on leading industry practices and emerging risks.
• Review the effective implementation of audit actionable and open audit points.
• Maintain the working papers, audit evidence and other supporting documents in line with internal policies and procedures and regulatory requirements.

Continuous Monitoring

• Develop strategies for identification of triggers / risk hotspots and conduct unplanned reviews / investigations based on various triggers/ hot spots, directives received from regulators, board committees and senior management.
• Keep abreast of the emerging audit trends and drive key audit initiatives for efficient and effective achievement of the audit objectives.
• Implement an effective continuous monitoring framework for ongoing monitoring of risk relating to various business products, processes and units; Identify and develop automated test for ongoing monitoring of Information System & Security risk across ABHFL.

Communication and Stakeholder Engagement

• Active engagement with stakeholders for implementation of recommendations for effective risk mitigations and improvement in the control environment.
• Effective communication and reporting to various stakeholders including regulators, board committee and senior management.

People Management

• Develop specialised team for conducting IS Audits and assessment of complex and specialised reviews covering key IT Infrastructure, IT Applications and Information System & Security areas
• Develop, nurture and grow talent through effective employee engagement and management
• Continuous development of self and the team through regular learning and sharing of knowledge / best practices.

Please share updated Cv at along with below details

Total years of experience

Highest Qualification and year of passing

Current Fixed CTC

Current Variable CTC

Current Gross CTC

Expected CTC

Notice period

Regards

Geetika Gupta

Lead Talent Acquisition

FORWARD