Internal Auditor-Information Security/System Audits:Audit & Process_AFL

Role description

Job Description

Auditor – Information Systems / Infosec Audits

About the Role

The role of Auditor involves:

· Conducting audits of Information Systems / Information Security covering process reviews, application control and functionality reviews, BCP and DR testing, and adherence to Regulations with respect to Information Systems / Infosec

· Execution of planned audits by adhering to given schedules and ensuring adherence to audit / ISO processes & ICAI standards. Review of Compliances to Audit reports submitted by Auditee units. Ensuring follow up for closure of reports and files within prescribed timelines.

Key Responsibilities

· Conducting internal audits within stipulated time and submission of audit reports based on risk based audit norms.

· Ensuring quality of audit report (depth & coverage) by focusing on root cause analysis and providing qualitative suggestions/recommendations for improvement of processes & mitigation of risk

· Effective use of off-site audit reports (with special focus on data mining & analysis) for bringing out risks in the audit reports.

· Conducting planned and unplanned audits and provide qualitative suggestions/recommendations for improvement of processes

· Updating skill sets and knowledge through continuous readings, attending trainings

· Ensuring timely follow up on closure of audit findings; checking the closure in line with the risk and recommendation; processing the closure of audit issues / reports as per the policy

· Timely submission of information relating to audits conducted to internal and external stakeholders.

Qualifications, technical skills and experience

Base qualifications:

· Graduates/CAs/MBA (Finance) with relevant certification such as CISA / CISM / CISSP / CIA

3-5 Years of Experience (Audit/ Banking / NBFC Domain preferred)

· Experience in Information Systems / Infosec audits in the financial services (Banking, NBFC) industry

Technical skill set for Information systems auditor. The auditor should have:

· Solid base of computer skills in hardware and software

· Knowledge of various operating systems

· Knowledge of Databases

· Hands on experience on Network Architecture

· Knowledge of other IT infrastructure

· Application controls and Interfaces

· Knowledge on Computer Assisted Audit Techniques (CAATs)

· Knowledge on Information security governance

· Knowledge on Business Continuity and Disaster Recovery framework

Role Proficiencies:

· Demonstrate good understanding of IS/Infosec function audits

· Knowledge of Business Applications used in Banking / NBFC industry

· Understanding of statutory and regulatory requirements and policies

· Working on the preparation of the Audit Calendar for the year basis the residual risk assessment and methodology defined in audit policy of the organisation.

· Conducting specific audits basis plan or trigger based requirements.

· Drafting of detailed audit reports with assessment details, preparation of supporting workpapers, clearly documenting the observations noted with implications and recommending corrective actions to auditee

· Coordinating and supporting the company’s Compliance team during RBI Audits and other external audits.

· Good communication (both verbal & written) and inter-personal skills

· Ability to work independently or as a part of team and contribute towards team goals

· Planning the audit, developing clear and concise risk/control matrices and audit programs, and reporting

· Demonstrate professionalism, competence and clarity of communication when dealing with the IT stakeholders

· Demonstrate reasonable knowledge of the industry or sector and be aware of technical issues or audit risk