10 It Audits Jobs

Exposure to Manage IT functions involving Infrastructure and Application. SAP/ Business One Administration Handling, Managing, Maintain and controlling the entire SAP Platform including Enhancements. Business Continuity and Disaster Recovery. Required Candidate profile Knowledge on Active Directory,DNS,Group Policies creation,DHCP servers designing Knowledge about Information Security Management System (ISMS ISO27001:2022) Exp. in Business Process automation exp.

Job Requirements Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management Contribute to IT Audit knowledge base and internal practice development initiatives Supervise and provide performance management for IT audit staff working on assigned engagements Write and present clear and concise reports and presentations containing meaningful observations and recommendations to clients, and document procedures performed and conclusions reached related to projects Support proposal and business development activities by assisting in the identification of new target clients, building business relationships with key executives, and developing/presenting proposals Provide oversight and leadership to team members regarding deliverables, project plans, and performance management while contributing to industry and regulatory publications, writing professional and thought leadership articles, and speaking at related conferences and seminars Mandatory technical & functional skills Bachelor's degree in an appropriate field from an accredited college/university; Master's degree from an accredited college/university is preferred Prior knowledge leading and executing risk-based IT-related internal audits and/or risk and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs Experience with IT Risk Management and three lines of defense frameworks CISA, PMP, CISSP or CRISC certification is preferred Key behavioral attributes/requirements Ability to work well independently as well as part of a team Driven and enthusiastic with a can-do attitude and a strong sense of ownership to get the job done in a pragmatic fashion

If you are interested in Information Risk Management (IRM) and desire to sit into the drivers seat where we provide assurance to the organization on the risks we carry in IT world, IDT Assurance Services (IAS) is the team you would want to be in. Join our IAS team, where it is a great opportunity for those looking to develop IT Risk review/audit skills. This role is in the CISO / IDT Assurance / IDT Assurance Services organization. What's the role As a Snr IDT Assurance Advisor, your role is pivotal in fortifying the IT risk environment. You will conduct comprehensive risk management reviews, identify gaps and meticulously track remediation progress. Your key responsibilities include: Conducting Assurance Reviews : Perform thorough assurance reviews on projects and topics to enhance risk management practices. Regulatory Monitoring : Stay vigilant about new regulatory requirements and changes, proposing necessary adjustments to current risk reviews to ensure management receives accurate assurance. Risk Management Advisory : Provide expert advice to IT operations on risk management and contribute to the development of remediation plans for any identified control deficiencies. Collaboration with BIRMs/Business Focals : Work closely with Business Information Risk Managers (BIRMs) and business focal points to identify, assess, and review risks. ESSA Initiatives : Lead ESSA (Enterprise Security and Systems Assurance) initiatives related to assurance services, ensuring regular and accurate reporting. Oversight of Tools and Reports : Oversee the accuracy and relevance of tools and reports used by the team and stakeholders, making updates based on evolving business needs. Adherence to Assurance Plan : Ensure strict adherence to the approved assurance plan and provide detailed reporting on its execution. What you'll be doing This role demands a high level of expertise in IT security and risk management, with a focus on proactive risk management and continuous improvement. Responsibilities : Provide comprehensive assurance to the organization regarding IT risks. Continuously monitor new regulatory requirements and develop a robust assurance plan for the organization. Define and establish criteria for assessing information risks. Support the ITGC Testing Lead, especially during peak periods, to ensure seamless operations. Collaborate with cross-functional teams to enhance the overall risk management framework. Communicate effectively with stakeholders to ensure understanding and alignment with assurance processes and risk management strategies. Stay updated with industry best practices and integrate them into the organization's assurance strategies. Opportunity : Leadership and Influence : Youll be in a pivotal position to shape the organizations approach to IT risk management, providing assurance and influencing key decisions. Broad Scope : Beyond IT General Controls (ITGCs), youll have the chance to identify and mitigate risks in various areas, broadening your expertise and impact. Regulatory Insight : By continuously monitoring new regulatory requirements, youll stay at the forefront of industry standards and help the organization remain compliant and competitive. Strategic Development : Youll define and establish criteria for assessing information risks, contributing to the strategic development of the organizations risk management framework. Collaboration : Working with cross-functional teams will enhance your collaborative skills and allow you to contribute to a comprehensive risk management strategy. Support and Mentorship : Supporting the ITGC Testing Lead, especially during peak periods, will provide opportunities for mentorship and leadership within the team. Overall, this role offers a dynamic and impactful career path in Information Risk Management, with opportunities to lead, innovate, and collaborate across the organization. As the energy industry transitions to cleaner forms of energy, Shell is actively leveraging technology across its business. This exposes us to risk in Information security and regulatory requirements that come along with it. Snr. IDT Assurance Advisor plays a vital role in ensuring compliance with IRM policies and standards. This role involves delivering Assurance services and driving improvement projects, and developing assurance capabilities. Effective collaboration with stakeholders, managing impact from Shell-wide projects, and staying informed about internal policies and external risks are key challenges. What you bring Experience : 8+ years' experience in IT audits, ITGC testing, or conducting risk assessments/reviews. Monitoring regulatory changes, assessing organizational readiness, and providing assurance to management. Education : Academic Background : Bachelors Degree in Technology is required; a postgraduate degree is highly desirable. Certifications : Preferred certifications include those in IT security and Risk Management. Technical Skills : Comprehensive knowledge of information risk management and related processes. General knowledge of IT security standards (e.g., ISO 27001, COBIT). Certifications: ISO 27001, CISA, CRISC. Familiarity with widely used applications (e.g., SAP, Power Platform, Cloud). Continuous improvement mindset and project management experience. Soft Skills : Proactive problem-solving : Identify upcoming challenges and propose solutions. Learner Mindset : Professional curiosity and eagerness to learn. Highly motivated team player : Volunteer support and collaborate effectively. Prioritization skills : Handle multiple tasks simultaneously. Interpersonal skills : Communicate clearly and build relationships across stakeholders.

Minimum Qualifications Bachelors degree in Information Systems, Computer Science Engineering B.E., B. TECH, M. TECH, MCA, BCA, CA, MBA Experience of business experience in technology audit, risk management, compliance, consulting, or information security including acting in the capacity of a supervisor Excellent knowledge of IT General Controls, automated and security controls Knowledge of security measures and auditing practices within various operating systems, databases and applications Experience in auditing financial applications, cyber security practices, privacy and various infrastructure platforms such as Unix, Linus, Windows, SQL Server, Oracle Databases Knowledge and concepts of auditing of cloud platforms (AWS, Azure and Google Cloud) Experience designing continuous auditing and monitoring tools and techniques is a plus. Good understanding of CoBIT 5 Domains of Access Management, SLDC & Change and Computer Operations and Control Design and Testing of SOX IT General Controls (ITGC) and/or IT Application Controls (ITAC) Experience in identifying control gaps and communicating audit findings and control redesign recommendations to Management/Clients Functional knowledge of major ERP suites (likeSAP, Dynamics, Oracle EBS, Peoplesoft) Understanding of audit concepts and regulations Required overall experience in testing/reviewing and implementation of ITGC controls, CoBit 5 and developing COSO framework Imparting trainings across multiple IT Audit domains Candidates with 4-8 years of relevant experience in similar role, preferably with a Big 4” or equivalent Chartered Accountant (would be added advantage) Certification(s) preferred: CISA / CISM / CRISC / CISSP / ISO 27001 LA certification

Exp Project planning, implementation, Testing for Internet, MPLS SDWAN and Voice Project- Avaya , Genesys Cloud technologies- Azure, AWS Excel, PPT, Visio, Ms Project plan and project management tools Handling Global clients- US, UK, AUS, ME, APAC Required Candidate profile Ensure network security and compliance with industry standards. Provide technical support, guidance to internal teams. Servers & server roles. Knowledge and understanding of LAN ITIL framework Perks and benefits Perks and Benefits

Role: Senior Manager - IT Security Job Description Develop, implement, and manage strategic, comprehensive enterprise information security and IT risk management program. Make a risk assessment of companys systems, networks, and data to prevent it from being accessed (viewed by unauthorized personnel, data corrupted, or data lost) Define Risk Management framework and implement across the enterprise business functions. Define and Implement IT and Security policy, processes, and procedures. Measure the KPIs and drive for continuous improvement. Interact with all stakeholders to ensure the consistent application of policies and standards across all technology projects, systems and services. Partner with business stakeholders and user community across the company to raise awareness of risk management concerns. Define, Implement and review compliance of security risk for multi-vendor IT environment, collaborate with the IT partner on the development of network configuration requirements and network infrastructure & security process development and deployment efforts. Implementing the security control and ensuring IT related security pertaining to data theft, website, misuse of Company informations resources, etc on user devices. Security assessment, validation & clearance of developed /acquired applications for production launch. Assist with the overall business technology planning, providing a current knowledge and future vision of technology, cloud security and systems aligned to security framework. Managing the daily operation and conducting continuous assessment of current IT security practices and systems and identifying areas for improvement. Implement and maintain compliance of security requirements for new products/services. Devising strategies, solutions and implementing security solutions and minimizing the risk of cyber-attacks. Lead Implementation of security products and solution across organization Implement and comply with parent firm's (Brookfield) standards on Security, IT Acts/ISO and other IT statutory requirements. Determines security violations and inefficiencies by conducting periodic audits. Conduct Investigations and forensics for any breaches dealing with those responsible and planning to avoid repeats of the same crisis. Lead the various internal and external IT/Security audits and ensure all compliances are met. Lead various Internal, External IT and security audits. Ensure compliances are met. Preparing CyberSecurity roadmap and assisting for all CyberSecurity compliances requirement. Mandatory Requirement Experience of 10-12 years in area of IT Infrastructure, Network, Security, IT Audits, Compliance and Risk Management in IT/Telecom Industry Excellent Knowledge of Cyber Security, risks, threats in infrastructure, network, Cloud and Data Center Technologies Experience of various security solutions such as SIEM, IPS, NAC, DLP Good understanding of Security technologies for private and public cloud Thorough Knowledge of IT and Security processes implementation and compliances Knowledge of information and network security principles, with a major focus on information, network & application security risks and impact.

Job Title: Divisional Risk and Control Analyst TDI Controls Testing & Assurance, AS Role Description Infrastructure Chief Operating Office (COO) is responsible for the effective operation of the infrastructure functions, driving operational efficiency whilst supporting the effective delivery of infrastructure services in line with business objectives and control requirements. It also includes oversight of Infrastructure Divisional Control Office (DCO) and Trade Settlement and Confirmations Operations (TSCO). Infrastructure Divisional Control Office (IDCO) as part of Infrastructure COO, provides services to multiple functions in infrastructure. The IDCO function is a dedicated risk, control, and regulatory oversight function, with prime responsibility for managing and proactively mitigating risk across the full breadth of the Technology and Infrastructure organization. Function also provides a consolidated view and central coordination of (non-financial) risks, as well as effective, efficient, and consistent standards and policies. (Technology Data & Innovation) TDI Control Testing & Assurance team part of IDCO identifies, tracks and reports control testing & assurance activities, conducts independent controls testing (design and operating effectiveness) on different risk types in line with the Control Testing Standards. The team also focuses on regulatory and risk-based assurance requirements. This role is within TDI Control Testing & Assurance team. Your key responsibilities Perform Control Testing in line with Control Testing methodology/minimum standard Identify control deficiencies (findings), risks related to elements of controls, participate in findings agreement with stakeholders, escalate potential issues and exception items noted during the testing to senior management for discussion and further investigation, if deemed necessary Prepare Control Testing workpapers for senior management detailing testing results, document findings with highest quality Track Control Testing identified findings, perform required follow-up on open findings Consider regulatory and internal firm policy requirements as well as established best practices for control assurance. Support controls assurance activities Support in monitoring Control testing teams adherence to Control Testing methodology/minimum standards Support, contribute in managing Control Testing vendor resources, where applicable Track testing related effort/budget Plan Vs. Actuals throughout the testing lifecycle Build and maintain solid working relationships with key stakeholders such as within the DCO, IDCO, TSCO, GTI and other Testing Teams including Divisions/sub-divisions, 2 LoD and Group Audit (GA) Your skills and experience University degree preferably in Computer Science, Mathematics, Engineering or a related subject or equivalent qualification in the areas of information security. Professional/industry recognized qualifications e.g., CISA, CISSP, CISM, CRISC are beneficial. Experience in Cloud Security audit/testing, GCP (Google Cloud Platforms) or Professional/industry recognized qualifications e.g., CCSP, CCSK will be an advantage Good knowledge of auditing IT application controls, e.g., from IT audits or IT risk management. Understanding of the relationship between IT risk and underlying business process risk. Knowledge of regulations governing financial institutions is beneficial. Strong written and verbal communication skills and the ability to communicate effectively in conflict situations. Strong organizational skills and attention to detail. Ability to work under pressure, multi-task and prioritize workload. Strong analytical skills and structured thought process with the ability to clearly articulate control deficiencies and related risk Flexible, proactive, and innovative mind set with strong organizational skills to take ownership and responsibility for agreed targets and to meet them within budget to enable a timely and efficient completion of projects. This is an IC (individual contributor) role.

Divisional Risk and Control Analyst TDI Controls Testing & Assurance, AS Role Description Infrastructure Chief Operating Office (COO) is responsible for the effective operation of the infrastructure functions, driving operational efficiency whilst supporting the effective delivery of infrastructure services in line with business objectives and control requirements. It also includes oversight of Infrastructure Divisional Control Office (DCO) and Trade Settlement and Confirmations Operations (TSCO). Infrastructure Divisional Control Office (IDCO) as part of Infrastructure COO, provides services to multiple functions in infrastructure. The IDCO function is a dedicated risk, control, and regulatory oversight function, with prime responsibility for managing and proactively mitigating risk across the full breadth of the Technology and Infrastructure organization. Function also provides a consolidated view and central coordination of (non-financial) risks, as well as effective, efficient, and consistent standards and policies. (Technology Data & Innovation) TDI Control Testing & Assurance team part of IDCO identifies, tracks and reports control testing & assurance activities, conducts independent controls testing (design and operating effectiveness) on different risk types in line with the Control Testing Standards. The team also focuses on regulatory and risk-based assurance requirements. This role is within TDI Control Testing & Assurance team. Your key responsibilities Perform Control Testing in line with Control Testing methodology/minimum standard Identify control deficiencies (findings), risks related to elements of controls, participate in findings agreement with stakeholders, escalate potential issues and exception items noted during the testing to senior management for discussion and further investigation, if deemed necessary Prepare Control Testing workpapers for senior management detailing testing results, document findings with highest quality Track Control Testing identified findings, perform required follow-up on open findings Consider regulatory and internal firm policy requirements as well as established best practices for control assurance. Support controls assurance activities Support in monitoring Control testing teams adherence to Control Testing methodology/minimum standards Support, contribute in managing Control Testing vendor resources, where applicable Track testing related effort/budget Plan Vs. Actuals throughout the testing lifecycle Build and maintain solid working relationships with key stakeholders such as within the DCO, IDCO, TSCO, GTI and other Testing Teams including Divisions/sub-divisions, 2 LoD and Group Audit (GA) Your skills and experience University degree preferably in Computer Science, Mathematics, Engineering or a related subject or equivalent qualification in the areas of information security. Professional/industry recognized qualifications e.g., CISA, CISSP, CISM, CRISC are beneficial. Experience in Cloud Security audit/testing, GCP (Google Cloud Platforms) or Professional/industry recognized qualifications e.g., CCSP, CCSK will be an advantage Good knowledge of auditing IT application controls, e.g., from IT audits or IT risk management. Understanding of the relationship between IT risk and underlying business process risk. Knowledge of regulations governing financial institutions is beneficial. Strong written and verbal communication skills and the ability to communicate effectively in conflict situations. Strong organizational skills and attention to detail. Ability to work under pressure, multi-task and prioritize workload. Strong analytical skills and structured thought process with the ability to clearly articulate control deficiencies and related risk Flexible, proactive, and innovative mind set with strong organizational skills to take ownership and responsibility for agreed targets and to meet them within budget to enable a timely and efficient completion of projects. This is an IC (individual contributor) role.

Divisional Risk and Control Analyst TDI Controls Testing & Assurance, AS Role Description Infrastructure Chief Operating Office (COO) is responsible for the effective operation of the infrastructure functions, driving operational efficiency whilst supporting the effective delivery of infrastructure services in line with business objectives and control requirements. It also includes oversight of Infrastructure Divisional Control Office (DCO) and Trade Settlement and Confirmations Operations (TSCO). Infrastructure Divisional Control Office (IDCO) as part of Infrastructure COO, provides services to multiple functions in infrastructure. The IDCO function is a dedicated risk, control, and regulatory oversight function, with prime responsibility for managing and proactively mitigating risk across the full breadth of the Technology and Infrastructure organization. Function also provides a consolidated view and central coordination of (non-financial) risks, as well as effective, efficient, and consistent standards and policies. (Technology Data & Innovation) TDI Control Testing & Assurance team part of IDCO identifies, tracks and reports control testing & assurance activities, conducts independent controls testing (design and operating effectiveness) on different risk types in line with the Control Testing Standards. The team also focuses on regulatory and risk-based assurance requirements. This role is within TDI Control Testing & Assurance team. Your key responsibilities Perform Control Testing in line with Control Testing methodology/minimum standard Identify control deficiencies (findings), risks related to elements of controls, participate in findings agreement with stakeholders, escalate potential issues and exception items noted during the testing to senior management for discussion and further investigation, if deemed necessary Prepare Control Testing workpapers for senior management detailing testing results, document findings with highest quality Track Control Testing identified findings, perform required follow-up on open findings Consider regulatory and internal firm policy requirements as well as established best practices for control assurance. Support controls assurance activities Support in monitoring Control testing teams adherence to Control Testing methodology/minimum standards Support, contribute in managing Control Testing vendor resources, where applicable Track testing related effort/budget Plan Vs. Actuals throughout the testing lifecycle Build and maintain solid working relationships with key stakeholders such as within the DCO, IDCO, TSCO, GTI and other Testing Teams including Divisions/sub-divisions, 2 LoD and Group Audit (GA) Your skills and experience University degree preferably in Computer Science, Mathematics, Engineering or a related subject or equivalent qualification in the areas of information security. Professional/industry recognized qualifications e.g., CISA, CISSP, CISM, CRISC are beneficial. Experience in Cloud Security audit/testing, GCP (Google Cloud Platforms) or Professional/industry recognized qualifications e.g., CCSP, CCSK will be an advantage Good knowledge of auditing IT application controls, e.g., from IT audits or IT risk management. Understanding of the relationship between IT risk and underlying business process risk. Knowledge of regulations governing financial institutions is beneficial. Strong written and verbal communication skills and the ability to communicate effectively in conflict situations. Strong organizational skills and attention to detail. Ability to work under pressure, multi-task and prioritize workload. Strong analytical skills and structured thought process with the ability to clearly articulate control deficiencies and related risk Flexible, proactive, and innovative mind set with strong organizational skills to take ownership and responsibility for agreed targets and to meet them within budget to enable a timely and efficient completion of projects. This is an IC (individual contributor) role.

Location- Bangalore, Hyderabad, Kolkata, Kerala, Pune, Noida, Gurgaon Exp- 3-6 Years To qualify for the role, you must have A bachelors or masters degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Risk Assessment – Assessment of internal processes to identify security findings, vulnerabilities, and control gaps/deviations identified on applications and infrastructure. Develop risk control matrix in line with COBIT, ISO, NIST and ITIL Best Practice and recommendations. Asses. Control Monitoring / Testing - Understanding of Cyber and compliance standards like PCI, ISO27001, perform test the design and operational effectiveness of the controls. Control Automation – Identify controls automation opportunities through analytics platform to monitor the operational effectiveness on the regular basis. Defect / Gap Identification: Identify the confidentiality, integrity and the availability related deficiencies in the client environment and evaluate against industry standards. Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, ISO 27001, and others (as relevant)