Job
Description
Understanding on Control frameworks such as COSO, internal control principal and related regulations including SOX and J-SOX. Common IT governance and Assurance standards including NIST, COBIT, Risk IT, ITIL and third-party reporting standards as SSAE16. Understanding on independent and risk based operational audits such as Software Development Life Cycle (SDLC), Business Resilience, Cybersecurity audits, Data privacy and data protection audits, Network security audit. Understanding and hands-on experience on data analysis tool such as Tableau, Power Bi, python etc. Conduct performance reviews and contribute to performance feedback for staff. Adhere to the Code of Conduct. The Code of Conduct sets the standards of behaviour, actions, sand decisions we expect from our people. Participate in IT Risk and Assurance engagements. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Help prepare reports and schedules that will be delivered to clients and other parties. Develop and maintain productive working relationships with client personnel. Responsible for managing reporting on assurance findings and ensure control owners take remediation action as required. Identify, lead, and manage the continuous improvement of Internal Controls through implementation of continuous control monitoring and automation. Obtain and review evidence of compliance for adherence to standards. Key domains of compliance controls, including change management, access to system, network and Data, computer operations and system development. Stay current with and promote awareness of applicable regulatory standards, upstream risk, and industry best practices across the enterprise. Skills and attributes for success Experience in application controls and Information security experience. Understanding of risk management systems and processes Ability to build relationships with key stakeholders across different levels of seniority. Strong written and verbal communication skills To qualify for the role, you must have. Preferably bachelor s degree in (Finance/Accounting, Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA Minimum of 3-4 years of experience in internal controls and Internal Audit Enterprise risk services with specific focus on IT and related industry standards IT Risk Assurance framework Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX Preferred security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems. Familiarity with IT analysis, delivery, and operations methods, including SDLC and CM Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT Experience of security testing methods and techniques including network, operating and application system configuration review Application controls and security experience sensitive access and SOD testing controls testing Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc. Preferred Certifications CISA
