Reporting Structure:

• Reports to Sr. Manager Systems Audit

Education:

• Graduate in Computer Science/IT or B. Tech or BCA

Experience (years):

• 5+ years of experience in the field of information security operations, Information System Audits preferably in banking sector
• Hands-on experience in the following areas:

• Writing Information security policies, procedures and processes
• Conducting risk assessment covering Cyber Security domains
• Managing firewalls, internet proxy, web filtering, email filtering, data leak prevention, DDoS protection, data encryption and other security products.
• Monitoring networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behavior
• Incident response
• Conducting periodic network scans to find any vulnerability
• Investigating security breaches

• Experience in conducting reviews based on ISO standards and regulatory guidelines in banking sector for a medium to large sized organization would be preferred
• Experience in conducting Information System Audits
• Must have experience in preparing quality deliverables such as audit reports, presentations etc.
• Excellent written, oral communication and presentation skills
• Excellent organizational and interpersonal skills
• Ability to work independently or as part of a team

Industry:

Information technology / Financial services

Responsibilities

• Conducting audits of information security architecture, firewalls, internet proxy, web filtering, email filtering, data leak prevention, DDoS protection, data encryption, and other security products
• Conducting audit of Information security policies, procedures and processes to identify design gaps
• Conducting audit of information security processes such as security event monitoring and resolution, incident response, vulnerability assessment etc.
• Conduct audits of information security systems and infrastructure to verify systems are secure and support the related applications/business processes
• Carry out vulnerability assessment and penetration testing for computing platforms as required
• Audit change management, patch management, incident management, backup management
• Identify and draft thought leadership articles pertaining to technology aligned operational and other categories of risk
• Support in maintaining audit checklist and documents, trend analysis, preparing presentations etc.
• Should be a self-learner and must keep updated with the latest security guidelines issued by regulators, international standards for information security, threats and vulnerabilities researched/discovered
• Research public domain to keep up to date knowledge on latest Application Security threats and vulnerabilities
• Candidate will have to travel extensively within Mumbai and across the country for performing audits

Certifications

• CISA/CISSP/CEH
• ISO 27001 Lead Auditor/Lead Implementer