AVP - IT & Infosec Audit

Gurugram, India

SBI Card

Credit Card - SBI credit card offers amazing deals, rewards & offers for all types of spends. Know more about our credit card services. Apply now!


Role Accountability
Manage the activities performed by Internal Audit Vertical - IT, Digital and Infosec Audit
Assist Vertical Head in preparing IT, Digital and infosec audit plan based on risk assessment after incorporating inputs from all avenues
Monitor & Conduct overall audit activities pertaining to areas covered under IT, Digital and Infosec audits respectively
Perform resource allocation and prepare an execution plan for audits to be undertaken during a given year
Perform complex operational audits, review of entire IT landscape (IT, information security, business applications), IT general controls and compliance audits ensuring adherence to several regulatory mandates
Ensure end-to-end closure of audit reports
Conduct third party security risk reviews (vendor, supplier risk review/assessment)
Align resources for performing risk assessment and other planning related tasks
Prepare final audit presentation for ACB
Ensure adequate testing of internal financial controls
Ensure adherence to turn-around time for closure of audit
Ensure thorough application security review (Web & Mobile), hardening & configuration review, vulnerability assessment and penetration testing etc.
Ensure adequate validation of business contracts, SAs, MSAs, SoW for security obligations and / or information risk 
Ensure regular follow up to close all the open observations and conduct complete ATR process
Identify, monitor and review the risk associated with IT DR (disaster recovery) and business continuity plan
Monitor governing controls of technical security posture of servers (web, applications, file) storage, database, endpoint devices management (MDM), data center operations through continuous audit and control framework
Review the information security governance controls (policy, procedures, guidelines and SOPs)
Ensuring design effectiveness (DE) & operating effectiveness (OE) testing as per defined testing approach
Performing internal control review and ISO 27001 along with other security reviews in line with applicable standards and framework
Ensure quality of audit findings as well as adherence to audit manual/policy/checklists etc.
Devise corrective action plan based on mutual discussion with process owners
Ensure adherence to regular process documentation practices in compliance with the process guidelines

Measures of Success (Define the outcomes expected of the role)
Perform risk assessment for all the processes across the business and support functions to prioritize audit plan
% of all the audits, follow-up audits, and report issuance completed within specified timeframes during the year / half year / quarter
Complete testing of internal financial controls for processes pertaining to allocated function
Percentage of Audit Findings highlighted vs Findings Accepted 
Monitoring closure of ATR observations and reporting the same to Vertical Head
Number of High / Medium Risk findings highlighted 
Negative Comments from Quality Assurance Reviews
Timely and accurate updation of process documentation
Process Adherence as per agreed MOU

Technical Skills / Experience / Certification (If any)
1. Deep understanding of risk and control concepts working in Credit Card/Financial Services industry, its emerging trends, issues, challenges, key players and leading practices
2. Knowledge of processes/internal audit/risk/compliance activities

Competencies critical for role with High Proficiency
Analytical ability
Problem-solving
Process Orientation
Result Orientation
Verbal and written communication

Key External Stakeholder(s)
Regulators

Key Internal Stakeholder(s)
All Functions

Must have Qualification
Professional Qualification / Certification - Graduate / Engineers / MCS / CA + Certified Information Systems Auditor (CISA)

Overall experience in role
10-13 years of post qualification experience

Relevant Experience with respect to the role
6-8 years of experience in application security audits/software development life cycles (SDLC) Audit, Cyber Security Audits, RPA Audits, Pre & Post implementation project audits & internal audits

Preferred Industry (If any)
Financial Services (Payments), Banking

Tags: Application security Audits Banking CISA Compliance Governance ISO 27001 Monitoring Pentesting Risk assessment SDLC

Region: Asia/Pacific
Country: India
