Summary

We are looking for a motivated and skilled professional to join our DDIT ISC Governance Independent Control Assessments team as a Sr. Specialist. This role involves performing Control Assessments (CAs), identifying deficiencies, and reporting risks. The Sr. Specialist will also be integral in tracking risks and supporting initiatives beyond routine assessments. Furthermore, the individual will assist in developing and delivering awareness sessions and trainings related to Control Assessments.

About the Role

Job Description/ Major Responsibilities

• Conduct Control Assessments and assist in IT Compliance Services delivery across different assets, including in-house applications, SaaS systems, mobile apps, technical platforms, OS, and databases.
• Identify control deficiencies and potential risks during assessments.
• Track and monitor remediation progress.
• Help develop and update awareness sessions/trainings and deliver mandatory trainings to keep the team informed on control requirements and best practices.
• Assess complex technology risks and internal controls, identifying opportunities for improvement.
• Contribute to audit efficiency through automation and continuous control monitoring.

• Number of assessments done versus planned according to defined service levels.
• Identified deficiencies and potential risks from the assessment.
• SMART criteria used for defining recommendations and remediation actions.
• The 4-eyes principle is applied to ensure peer review, with report quality assessed against expected standards.

• Bachelor's degree in computer science, Information Systems, Accounting, or a related field. Advanced degree (Post Graduation) preferred.
• Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or similar credentials preferred.

• Minimum of 5 years of experience in IT audit, IT risk management, IT compliance, or a similar role.
• Strong understanding of SOX compliance requirements, internal control frameworks (e.g., COSO), and IT auditing standards (e.g., COBIT).
• Knowledge of IT systems and processes, including system development life cycle (SDLC), IT infrastructure, and cybersecurity.
• Knowledge of SOC Compliance (SOC1/SOC2) and skill in analyzing findings.