Information Systems Auditor

 

 

Reporting Structure

Reports to Sr. Manager Systems Audit

Education

Graduate in B.E. or B. Tech or BCA or Computer Science/IT

Experience (years)
  • 5 + years of experience in Audits and Risk assessment services of IT infrastructure, Applications, IT processes, Business Continuity and Governance
  • Must  have at least 2 years of ISO 27001 and/or PCI-DSS audits of Information Systems in a medium to large sized enterprises
  • Experience in reviewing business process for information security risk will be a plus
  • Candidate should have hands-on experience in Test of design controls and Test of operating effectiveness review of IT operational controls
  • Candidate should be familiar with Technical Security controls of Identity & Access Management, Network, Server, Application and process controls reviews
  • Must have experience in conducting risk assessment of business and support applications
  • Must have experience in preparing quality audit reports
  • Excellent written, oral communication and presentation skills
  • Excellent organizational, communication and interpersonal skills
  • Ability to work independently or as part of a team

Industry

Information technology / Financial services

Responsibilities
  • Developing project plans, work programs, evaluating IT
  • Systems controls, documenting results, making recommendations and communicating information to stakeholders
  • Conduct Information System audits for regulated entities as per the schedule
  • Review/Assess the security architecture, IT security controls for compliance against published framework and standards
  • Audit IT processes including change management, configuration management, backup management, identity & access management, capacity management and security incident management
  • Review the Information System Management System (ISMS), Business Continuity Plan including Disaster Recovery activities carried out by the regulated entities
  • Review of draft reports for improving quality of the Audit reports
  • Develop and maintain audit checklist and documents
  • Manage all audit related documentation and records
  • Keep updated with latest threats and vulnerabilities researched/discovered

Certifications

  • CISA, CISSP, CEH, ITIL preferred