JOB PURPOSE :
To contribute significantly in the IT Internal Control division, actively drive end to end IT risk management, assurance reviews/audits and coordinate internal & external audits.
KEY RESPONSIBILITIES :
Core Responsibilities :
- Assess effectiveness of IT operational controls for internal processes & third-party suppliers by audits and ensuring audit standards & practices are in accordance with internal and external requirements
- Custodian of IT Risk Register and ensure end to end IT Risk Management
- Advise and provide recommendations to stakeholders on risk and control issues
- Monitoring and reporting of IT risks for operational purpose or in various risk committees
- Experience in maturing various IT operational processes to increase their efficiency and effectiveness by providing recommendations
- Determines security violations, design gaps and inefficiencies by conducting periodic audits, incident investigations
- Plan and drive the external and internal audits for IT/ information security, liaising with stake holders, report the findings to senior leadership
- Drive the information risk management activities : Risk analysis, identifying mitigation controls, tracking remediation, closure validation, drawing and updating BCPs.
- Introduce new security practices to enhance the security framework, risk management framework and its effectiveness with new/upcoming technologies/frameworks/standards/regulations
- Work security solutions e.g. Designing security for processes, technology
- Perform process and supplier assurance/ due diligence.
- Update and review IT Policies and Procedures in line with regulatory requirements and industry best practices
- Stakeholders management of business & internal stakeholders
KNOWLEDGE, SKILLS & COMPETENCIES :
Educational Qualifications :
- Bachelor's Degree in Computer Science/ Information Technology (B. E/ B.Tech) from a premier institute. Master's degrees is preferable.
- A minimum of following certifications: CISA/ CRISC/ CISM/ CISSP (two preferred)
Desired Skills :
- At least 5+ years of experience in Information Security, Cyber Security, IT Audits and IT Risk Management in Banking/BFSI industry. IT/IS Audit experience is a big plus.
- Must have thorough knowledge and experience in implementing Regulatory and best practices in Cyber Security Framework such as NIST, CERT, ISF, CoBIT5
- Candidate should have an ability to perform independent analysis of reported Cyber Security incidents, carry out root cause analysis and recommend remedial measures.
- Must have knowledge and understanding of SIEM technologies, DLP, IDS/IPS, Secured gateway, firewall, Security orchestration tools, Change/configuration management technologies.
- Knowledge in auditing of Financials systems including CBS, banking products and services will be a big plus
- Experience in people management & performance evaluation is an advantage
- Strong interpersonal, Organizational and communication, written and oral communication skills
- Knowledge of risk assessment of IT processes, BCP/ DR, projects etc. and developing suitable mitigation plans for the same
- Knowledge and Sound understanding of Advanced Persistent Threats (APT), SIEM, Log Management solutions, Secured Web Gateways, Policy Orchestrators, SCCM, IDS/IPS, Firewall, Identity & Access Management, Privileged Identity and Access Management, Data Security products such as Data Loss Prevention (DLP), Digital Rights Management (DRM), Data Base Activity Monitoring (DAM), etc.
- Exposure to ERP, CBS system testing
- Exposure to software license management and compliance processes
- Sound understanding of Data, Application security and secure SDLC framework
- Proficient in MS Office Suite skills
- Knowledge of GRC tools and automation of risk management processes
Desired Attributes :
- Highly flexible and quick learner to adopt and apply new methodologies/ approaches
- Strong communication, presentation and inter-personal skills
- Team management and development capability
- Right balance of creative thinking and process orientation
Didn’t find the job appropriate? Report this Job