The Lead Information Security Auditor role is responsible for running the Organization's Information Security & Privacy Audit and Compliance Program.
It involves performing, supporting, reporting and documenting the effectiveness of the program. This is a hands-on position that requires practical experience in the areas of security & privacy audit & risk management.
The candidate is primarily responsible for executing defined security and privacy related audit activities. The auditor also helps in the application of security policies and standards across the company, including but not limited to software engineering, finance, operations, IT, etc.
The ideal candidate will have 5-6 years of practical information security, privacy, audit and risk management experience in a regulated environment.
This is a dynamic function that provides the opportunity for significant growth in knowledge and experience in the areas of information security, risk management & privacy.
Primary Responsibilities:
Perform internal audits and ensure compliance against policies and external laws.
Maintain the audit calendar & program and provide periodic reports to stakeholders.
Improve on reporting mechanisms for the audit function
Track remediation of any findings from internal or external assessments.
Manage the audit risk assessment program
Identify security risks and develop solutions to eliminate or minimize risks.
Contribute to the data risk management program
Support the team in risk management activities
Support the vendor risk & client risk management program across the organization
Assist with successful implementation and enforcement of security policies and procedures across old & new technologies / systems / environments.
Participate in the implementation of security initiatives
Support the team in implementing the GRC initiatives with respect to audit programs
Must have working knowledge of GDPR, BCP-DR
Mandatory skills: Information Security, Risk, PCI-DSS, Audit Requirements
Engineering Graduate in Computer Science, Information Systems, or related field
7-9 years in an Information Security role with progressive experience in the following areas:
Audits and assessments - information security, network security, application security, physical security, privacy etc.
Information or IT risk management and compliance
Knowledge of various standards like ISO 27K, COBIT, PCI-DSS, etc.
Understanding of Privacy regimes
Moderate-level knowledge of and experience with:
TCP/IP architecture, routing protocols and security
Windows OS, GPO, DNS, DHCP and Active Directory security concepts
Solaris and Linux host and network security concepts
Application Security concepts from an audit perspective
MS Office (Word, Excel, PowerPoint)
Excellent organization, communication and presentation skills with the right attitude
Ability to multi-task
General professional writing proficiency
Experience in the financial services industry is preferred
ISO 27001:2013 Certification Mandatory