2 - 6 years
5 - 9 Lacs
Posted: 4 hours ago
Work from Office
Full Time
Auditor/Senior Auditor Cyber Security
Reporting Structure:
Reports to Lead Auditor/Senior Manager
Education:
Graduate in Computer Science/IT or B.E / B. Tech or BCA / MCA
Certifications:
CISA / CISM / CISSP / CEH / CRISC
ISO 27001 Lead Auditor/Lead Implementer
Additionally, the domain-specific certifications below may be preferred.
Application & API Security:
MCSD
Certification in Mobile application security testing
Java certifications
Certifications in API security
Database Security:
MCDBA
Oracle database
Certification in big data / analytics
Network Security:
CCNA
Certified Firewall administrator
Payments Security:
Relevant certifications in ATM security, Cards / Payments security
Cloud Security:
CCSK/CCSP
Artificial Intelligence:
Any Online courses on AI security
Experience (years):
2 - 6 years of experience (up to 8 yrs.) in the field of information security operations and Information System Audits, encompassing experience in any of the Banking Technologies Domains (Application Security, Database management and administration, Network security and SOC, Payment systems) in addition to IT General controls (ITGC).
Exposure to the Banking / Finance / Payment industry domains would be preferable.
Hands-on experience in the following areas:
o Writing Information security policies, procedures, and processes
o Conducting risk assessment covering Cyber Security domains as noted below:
Application Security:
Mobile application assessment, OWASP security practices for applications, VA/PT/AppSec, source-code review, black/grey/white box testing, application SDLC, strong knowledge of programming languages for applications.
Database Security:
Database administration and management - Oracle, MS SQL etc., Database Activity Monitoring tools, data security and localization.
Payments Systems Security:
Understand payment systems and architecture such as SWIFT, UPI, IMPS, ATM, Internet Banking, Mobile Banking, Core Banking System, payment gateway, ATM switch and terminal.
Experience in PCI DSS implementation/assessment and ATM end-point security and Cards data security and operations.
Networks Security:
Managing firewalls, routers, proxy, WAF, email filtering, DLP, DDoS protection, data encryption, IPS/IDS, incident response and investigation of security breaches, VA-PT for networks.
Security Operations Centre - Implementation and review.
IT General Controls:
Familiarity with Technical Security controls of Identity & Access Management, Network, Server, Application, Change management, Backup and Restoration etc. and process controls reviews.
Understand BCP and DR processes and architecture.
Experience in conducting reviews based on ISO standards and regulatory guidelines in banking sector for a medium to large sized organization would be preferred.
Experience in conducting Information System Audits
Must have experience in preparing quality deliverables such as audit reports, presentations etc.
Excellent written, oral communication and presentation skills
Excellent organizational and interpersonal skills
Ability to work independently or as part of a team
Please note: While multi-domain expertise and certifications are preferred, the candidate is required to have specialization in at least one of the technical areas mentioned above.
Industry:
Information technology / Banking and Financial services / Auditing / Cyber Security consulting
Responsibilities
Candidate will have to travel extensively within Mumbai and across the country for performing audits, as per RBI requirements.
Conducting audits of Information security policies, procedures, and processes to identify process/design gaps.
Conducting audits of information security systems and infrastructure to verify systems are secure and support the related applications/business processes.
Conducting audits in different banking technology domains such as Active Directory, WAF, Network access security, End-point security, Application VA/PT/AppSec, SDLC, Database management and security, PCI-DSS, ATM controls, Cards (Debit/Credit) security, Payment-gateway and IT General Controls etc.
Additional weightage will be given to candidates with experience in domains such as Cloud Security, API security.
Developing project plans and work programs, evaluating system controls, identifying risks and audit gaps, documenting results in proper audit report format, making recommendations, and communicating information to stakeholders.
Support in maintaining audit checklist and documents, trend analysis, preparing presentations etc.
Should be a self-learner and must keep updated with the latest security guidelines issued by regulators, international standards for information security, threats and vulnerabilities researched/discovered.
Research public domain to keep up-to-date knowledge on latest banking applications / technologies and emerging technologies (Cloud, Virtualisation, AI-ML, IoT etc.) and ensure continuous learning in identified security competencies and new/emerging technologies.
Employment Type
All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent.
Reserve Bank Information Technology