Role Description
- Providing assurance to the Audit Committee (AC) of Board of Directors (BOD), the CEO & MD and the Senior Management, on control adequacy and effectiveness on Cyber Posture – internal & external threats / Cloud Computing / IT Infrastructure / Data Security / Application Security / Social Engineering / Governance & Risk Management for uninterrupted business operations.
Executing audits, advisory, and other special projects in accordance with the approved audit plan. Auditor shall undertake reviews of the organization’s cyber threats, cloud infrastructure, Vulnerability Assessment & Penetration Testing, processes and controls to protect its intellectual property, using industry standards as a guide, and provide recommendations for improvements.
Skills
- Reviewing and documenting the existing TSL and Group Company IT security architecture to determine security posture w.r.t regulatory, contractual requirements, industry best practices
Identification and categorization of information assets based on confidentiality, integrity and availability (CIA) triadIdentifying associated threats, vulnerabilities and the risk impacts with each of the information assetsSafeguarding the information assets such as – Software, Hardware, Network etc.Reviewing IT Systems controls, Mail Messaging System and End User Computing, Risk Management and Threat Intelligence etc.Reviewing security controls related to hybrid cloud infrastructure, service contract, design and architecture, Business Continuity planAuditing controls for cyber threats pertaining to infrastructure, application, operating system and database, and other controls related to backup, DR/ BCP plans, patch management and version control, license control, virus control processes etc.Application Security Audit including Vulnerability Assessment and Penetration Testing, Network Security Testing, Application Security Testing, Social Engg. etcNetwork resilience and recovery mechanism, control on social media access and data exchange through the same, control on data and information storage and access in cloud etcPerforming configuration control audit for all the IT systems as per best practicesCreate security policy and guidelines document for user access management, password policy, data exchange with agencies and vulnerabilities mitigationTesting for security audit cover cross-site scripting (XSS), cross-site reference forgery, SQL injection flaws, input validation flaws, malicious file execution, insecure direct object references, information leakage and improper error handling, broken authentication and session management, failure to restrict URL access, and denial of services etc.Conducting audit of assigned activities for IT enabled systems as per the approved Annual Audit Plan, including any special audit/ project assigned by the respective Group Head
Other Details
- Mandatory: BE, B-Tech, BSc (Engineering), ME/MTech, MBA/PGDM, MCA, MSc (Maths, Statistics or Physics)
- Preferred: Exposure to information security and various standards in the form of project experience of one semester or completion of two related courses as a part of the curriculum.
- Preferred: CISA / CEH / CISSP
- Strong knowledge and experience in domains covering - Vulnerability assessment and penetration testing (VAPT), Risk management, Business continuity, Access and authorization, Web application security, Threat detection (SOC, NOC), Ethical Hacking, Social Engineering, Phishing simulation (email, CH, attachment)
- Exposure on performing vulnerability assessment and penetration testing (black box) including red teaming
- Information systems industry and best practices in network, application and hardware platform security
- Audit and assessment methodologies, procedures and best practices that relate to information networks, systems, and applications
Risk Management, security program policies, processes, standards, requirements and procedures and various supporting security technologies.
Desirable
: Understanding of NIST / ISO 27001 / CIS framework
