Auditor/Senior Auditor - Cyber Security

MH, IN, India

Job Description

Auditor/Senior Auditor - Cyber Security



Reporting Structure:

Reports to Lead Auditor/Senior Manager

Education:

Graduate in Computer Science/IT or B.E / B. Tech or BCA / MCA




Certifications:

CISA / CISM / CISSP / CEH / CRISC

ISO 27001 Lead Auditor/Lead Implementer

Additionally, the domain-specific certifications below may be preferred.


Application & API Security:

MCSD

Certification in Mobile application security testing

Java certifications

Certifications in API security


Database Security:

MCDBA

Oracle database

Certification in big data / analytics




Network Security:

CCNA

Certified Firewall administrator


Payments Security:

Relevant certifications in ATM security, Cards / Payments security




Cloud Security:

CCSK/CCSP


Artificial Intelligence

Any online courses on AI security






Experience (years):


2 - 6 years of experience (up to 8 yrs.) in the field of information security operations and Information System Audits, encompassing experience in any of the Banking Technologies Domains - Application Security, Database management and administration, Network security and SOC, Payment systems - in addition to IT General Controls (ITGC). Exposure to the Banking / Finance / Payment industry domains would be preferable. Hands-on experience in the following areas:

o Writing Information security policies, procedures, and processes
o Conducting risk assessment covering Cyber Security domains as noted below:

Application Security:


Mobile application assessment, OWASP security practices for applications, VA/PT/AppSec, source-code review, black/grey/white box testing, application SDLC, strong knowledge of programming languages for applications.

Database Security:


Database administration and management - Oracle, MS SQL etc., Database Activity Monitoring tools, data security and localization.

Payments Systems Security:


Understand payment systems and architecture such as SWIFT, UPI, IMPS, ATM, Internet Banking, Mobile Banking, Core Banking System, payment gateway, ATM switch and terminal.
Experience in PCI DSS implementation/assessment, ATM end-point security, and Cards data security and operations.

Networks Security:


Managing firewalls, routers, proxy, WAF, email filtering, DLP, DDoS protection, data encryption, IPS/IDS, incident response and investigation of security breaches, VA-PT for networks.
Security Operations Centre - implementation and review.

IT General Controls:


Familiarity with Technical Security controls of Identity & Access Management, Network, Server, Application, Change management, Backup and Restoration etc. and process controls reviews.
Understand BCP and DR processes and architecture.

Experience in conducting reviews based on ISO standards and regulatory guidelines in the banking sector for a medium to large sized organization would be preferred.

Experience in conducting Information System Audits

Must have experience in preparing quality deliverables such as audit reports, presentations etc.

Excellent written, oral communication and presentation skills

Excellent organizational and interpersonal skills

Ability to work independently or as part of a team


Please note: While multi-domain expertise and certifications are preferred, the candidate is required to have specialization in at least one of the technical areas mentioned above.





Industry:

Information technology / Banking and Financial services / Auditing / Cyber Security consulting



Responsibilities

Candidate will have to travel extensively within Mumbai and across the country for performing audits, as per RBI requirements.

Conduct audits of Information security policies, procedures, and processes to identify process/design gaps.

Conduct audits of information security systems and infrastructure to verify systems are secure and support the related applications/business processes.

Conduct audits in different banking technology domains such as Active Directory, WAF, Network access security, End-point security, Application VA/PT/AppSec, SDLC, Database management and security, PCI-DSS, ATM controls, Cards (Debit/Credit) security, Payment-gateway and IT General Controls etc.

Additional weightage will be given to candidates with experience in domains such as Cloud Security, API security.

Developing project plans and work programs, evaluating system controls, identifying risks and audit gaps, documenting results in proper audit report format, making recommendations, and communicating information to stakeholders.

Support in maintaining audit checklist and documents, trend analysis, preparing presentations etc.

Should be a self-learner and must keep updated with the latest security guidelines issued by regulators, international standards for information security, threats and vulnerabilities researched/discovered.

Research the public domain to keep knowledge up to date on the latest banking applications / technologies and emerging technologies - Cloud, Virtualisation, AI-ML, IoT etc. - and ensure continuous learning in identified security competencies and new/emerging technologies.




Employment Type

* All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent


Job Detail

  • Job Id
    JD4396011
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    MH, IN, India
  • Education
    Not mentioned