Job Description

Key Responsibilities



Coordinate with business and IT process owners to initiate, scope, plan, and conduct periodic controls assessments to identify areas of risk by evaluating the design and operating effectiveness of Information Technology General Controls (ITGC) over applications, operating systems, and databases as well as the network infrastructure including cybersecurity controls

Planning, testing, documentation and reporting

Communicate issues to process owners, ensuring their understanding of associated risks and the actions needed to remediate those risks

Prepare reports based on the adequacy and effectiveness of controls evaluated/tested

Track and Monitors open issues and conducts follow-up to evaluate the adequacy of remediation efforts

Communicate with external auditors and support their initiatives effectively from an IT audit standpoint.

Lead ISO, SOX and ICoFR audit planning, fieldwork (testing and documentation), and reporting

Interact with the IT application owner and provide assistance as needed during the SOX control testing processes, including attending walkthrough meetings and performing testing on their behalf

Aware about IT Controls and related compliances

Evaluate compliance with Company policies and procedures and regulatory standards

Build collaborative working relationships with internal stakeholders (appropriate levels of management)



Education Qualification



BE / B.Tech Computer Science / MBA - System



Competencies (Knowledge & Skills)



Knowledge of SDLC (Software Development Life Cycle)

Certification of CA, CPA or CIA (or actively working towards) or other similar certifications would be an added advantage.

Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of Information Security areas/domains. These include governance & risk management, access control, cybersecurity, physical security, security architecture and design, business continuity/disaster recovery, network security, application & operations security and compliance/incident management.

Demonstrated ability to understand complex technologies, business processes, regulations and emerging risks.

Strong understanding of ISO, SOX and IT frameworks including COSO and COBIT.