Skip to main content

Information Systems Auditor

Reporting Structure

  • Reports to Sr. Manager Systems Audit

Education:

  • Chartered Accountant

Experience (years):

  • 5+ years of experience in the field of Information Systems (IS) Audit
  • Preparing checklist for review of business processes for information security risk
  • Conducting reviews of business processes to identify information security risk
  • Performing root cause analysis on identified risk events to recommend improvements to prevent these risk events from re-occurring in future
  • Review the action plans for mitigating the identified risks and track the closure
  • Maintaining a register for the identified risks
  • Utilizing mathematical and statistical knowledge to assist with the building of risk models in support of Operational Risk Management
  • Experience in Audits and Risk assessment services of IT infrastructure, Applications, IT processes, Business Continuity and Governance
  • Candidate should have hands-on experience in Test of design controls and Test of operating effectiveness review of IT operational controls
  • Candidate should be familiar with Technical Security controls of Identity & Access Management, Network, Server, Application and process controls reviews
  • Must have experience in conducting risk assessment of business and support applications
  • Must have experience in preparing quality deliverables such as audit reports, presentations etc.
  • Excellent written, oral communication and presentation skills
  • Excellent organizational and interpersonal skills
  • Ability to work independently or as part of a team

Industry:

Information technology / Financial services

Responsibilities

  • Conduct Information System audits for regulated entities as per the schedule
  • Identify the opportunities for and contribute towards the continuous improvement of the audit process and service
  • Identify and draft thought leadership articles pertaining to technology aligned operational and other categories of risk
  • Support in maintaining audit checklist and documents, trend analysis, preparing presentations etc.
  • Should be a self-learner and must keep updated with new regulations, developments and technologies related to cyber security
  • Review/Assess the security architecture, IT security controls for compliance against published framework and standards
  • Audit IT processes including change management, configuration management, backup management, identity & access management, capacity management and security incident management
  • Review the Information System Management System (ISMS), Business Continuity Plan including Disaster Recovery activities carried out by the regulated entities
  • Conducting review of operations risk documents
  • Conducting audits of business processes to identify information security risk
  • Conducting audit of Information security policies, procedures and processes to identify design gaps
  • Prepare audit reports and submit for review
  • Candidate will have to travel extensively within Mumbai and across the country for performing audits

Certifications

  • CISA/CISSP
  • ISO 27001 Lead Auditor/Lead Implementer

Employment Type

  • All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of three years, extendable by mutual consent.