Head - IT Audit - FinTech/NBFC

Head - IT Audit

Brief description :

- The IT Auditor is responsible for strategic Risk-based IT Audit Plan and managing the Group IT Audit Function in accordance with Internal Audit Charter and the guidelines for IT auditing promulgated by ISACA, ISO, COBIT, IIA and other such professional bodies in the field of IT auditing.

- The IT auditor will direct the IT audit operations and strategy at the group level for auditing information systems, platforms and operating procedures . Responsibilities include providing reasonable assurance on the effectiveness of the organization's risk management and the strength of IT internal controls. The position assesses organization-wide compliance with internal policies and procedures, laws and regulations, contractual terms & conditions and efficiency of operations.

Major Responsibilities :

A. Strategic:

- Own the development and implementation of the risk-based annual IT audit plans of various entities of and ensure they are responsive to and aligned with the risk profile of the organization.

- Lead the annual and ongoing evaluations of IT infrastructure and establish controls and audit procedures to identify areas of risk or non-compliance of various entities and map with auditable entities / functions.

- Ensure proper resourcing for implementation of the plan, and adjust the plan as needed in response to changes in business risks, operations, programs, systems and controls.

B. Process development:

- Develop and update audit tools by considering IIA guidelines & audit manual, and different operational, legal and environmental changes of the entities.

- Proactively inform senior management of significant risks or exposures related to internal controls, compliance and governance requiring prompt attention.

- Provide feedback and recommendations on IT & data risks and improving operational efficiencies and processes where appropriate.

C. Leadership:

- Maintain good relationships and work with a collaborative approach with all key stakeholders across various entities.

- Oversee Internal Audit's participation in critical business and technology initiatives and projects ensuring that audit's perspective is effectively voiced and appropriate controls are designed and implemented on a proactive basis.

- Serve as a "thought leader" with respect to IT risk management and internal control best practices.

D. Operational:

- Continuously inspect and assess various elements of the company's information systems and implement audit test plans.

- Identify and evaluate the IT risk exposure and recommend remediation strategies.

- Review security / digital measures taken by line function (CTO, CISO, Tech Leader and Line function) / new business initiatives.

- Coordinate with external auditors and regulators and provide independent assurance on the IT framework and associated controls.

- Track the issues and actions management process and ensure timely closure.

- Identify early warning signals in IT areas and identify potential fraud scenarios for in-depth review and investigation.

- Benchmark the company's systems to other available technologies on the market and strengthen the company further through use of technology.

E. Reporting:

- Issue all IT Audit reports in a timely manner ensuring the reports are clear, concise, identify root causes with practical solutions, and ultimately provide value to management.

- Ensure timely delivery of different MIS, reports, and data to assist the Function Head.

- Prepare materials and make presentations to the audit committee and management independently.

Experience and Education :

- CISSP, CISA, CISM, GIAC, PPM, PMP, DISA or equivalent IT audits related qualification is preferred.

- 7 or more years' of experience in IT audits preferred (with min 2-3 years in a team management role).

- Strong knowledge of IT security and infrastructure. Experience of working / auditing in agile product management environments.

- 3 to 5 years of Fintech or NBFC industry experience with good expertise of RBI and / or IRDAI guidelines on IT frameworks & sensitive data protection is preferred (not mandatory).