Senior IT Auditor

What youll Do

• Conduct InfoSec risk assessments activities via close collaboration with Cloud Technology, Engineering, and other Business Units
• Support the delivery and scaling of the SOX program. Hands on with building and testing of IT General Controls (ITGC) & IT App Business controls
• Plan and carry out technology operations audits, system implementation & integration reviews, M&A compliance efforts, and relevant advisory initiatives with full involvement in planning, fieldwork & reporting.
• Plan and implement business transformations, new system rollouts, and acquisitions compliance activities. Support technology assurance and advisory reviews to address major enterprise technology risks. This includes assessing the adequacy, build, and operational efficiency of technology and internal controls.
• Perform Information Security related assessments to cover domains like User Access management, Network, OS & Application Security, Encryption, Backup Management, Disaster Recovery, Training & Awareness, etc.
• Leverage data analytics, automation & artificial intelligence to support risk assessment, planning, audit procedures, continuous monitoring, and present visualization to support the results.
• Research and stay current on new mentorship / publications / standards and emerging technologies applicable to the InfoSec function.
• Ensure accurate identification and disposition of internal control issues and perform quarterly follow-up on required management actions.
• Prepare accurate, logical, and detailed audit work papers and reports. Ensure overall quality and consistency of audit work. Follow department and professional standards for audits.
• Support and prepare quarterly Audit Committee meetings / presentations / newsletters and other supporting documentation; prepare other CAE/CIO meeting presentations, as needed.

• B.E./B.Tech/MBA in Information Technology, Information Systems, or similar.
• CISA, CISSP, CIA, CPA or similar certification preferred.

Knowledge & Experience:

• Minimum 7-9 years of InfoSec audit experience with an accounting firm or large global public company internal audit.
• Strong Experience in one or more of the following IT audit areas: ITGCs, SAP/ ERP audit, process controls, security, system implementations & integrations, e-commerce, microservices, data analytics, cloud computing (AWS, Azure) or similar.
• Knowledge of common IT technologies (OS, databases, network devices, applications)
• Knowledge of SAP and GRC tools like SAP GRC and AuditBoard is a plus
• Experience in using RPA, analytics, and business intelligence tools (e.g. UiPath, Snaplogic, Tableau, Power BI, etc.)
• Exposure to engagements like Wireless Security audits, Network & Firewalls security reviews, OS & Infrastructure audits, API Security, DLP audits, Ransomware audits, etc.
• Working knowledge of Information Security & Governance frameworks like COBIT, NIST, ISO 27001, and regulatory compliances like SOX, GDPR, PCI-DSS
• Capable of interpreting these requirements and translating them into meaningful considerations for GRC processes, risks management, and controls.

Skills

• Strong organizational and management skills; ability to deliver multiple projects efficiently & prioritize tasks to meet project requirements.
• Outstanding interpersonal, oral, written, and presentation skills with the ability to comfortably communicate to all levels of management.
• Ability and desire to accept ambiguity, problem solve, and deliver solutions in a fast-paced and dynamic environment.
• A goal-focused collaborator with a self-motivated, proactive, and positive can-do attitude.
• Strong EQ to effectively collaborate with people on shared goals.
• Detail oriented, analytical, tech savvy and can navigate through tools, systems and platforms.