Audit Lead

Job Description

Security and Compliance Assistant/Lead

We are looking to strengthen our Compliance posture by building a robust team. You will be responsible for working with individuals across the organization to assess the IT General Controls (ITGC) for design and operational efficiencies. This role primarily focuses on determining the control effectiveness of ITGC and supporting the Internal Audit assessment conducted on the Business Integrated Solutions department. A successful candidate will be a self-starter, problem solver, work independently with minimal oversight, and have attention to detail.

Role Purpose: To govern and manage the risk assessment, remediation, and monitoring of information and technology process risks.

• Ensure strong governance on risk and compliance performed by various control functions.
• Manage risk assessment, remediation, and monitoring of information and technology process risks.
• Serve as an internal risk consultant to operating functions and business lines.
• Identify, assess, quantify, report, communicate, mitigate, and monitor process risks.
• Support the implementation of information security policies.
• Discuss risk closure, mitigation, and acceptance with stakeholders.
• Collaborate with control functions to track and mitigate identified risks.
• Review and refine policies and processes based on industry best practices.
• Track identified risks and ensure their closure within defined timelines.

• Participate and lead walkthrough meetings with process owners.
• Evaluate control evidence provided, validate the evidence for completeness, validity, and accuracy.
• Determine testing conclusions around the design and operating effectiveness of controls.
• Manage audit activities for the technology function.
• Manage risk control activities, conduct walkthroughs, liaise with auditors for relevant evidence, and review audit artifacts for adherence.
• Perform sample verification to check the authenticity of documents.
• Conduct root cause analysis on identified risk events to recommend improvements to prevent recurrence.

• Monitor sampling percentages and turnaround times as per predefined parameters across products for various applications and businesses.
• Prepare corrective and preventive actions.
• Knowledge of SOX Audit.

• B.E in Computer Science/Information Technology or equivalent qualification.
• Knowledge in areas such as Application Security, Data Security, Identity Access Management, Information, Infrastructure Technology, GDPR, and ISO Audits.
• Solid understanding of Risk Management Lifecycle and exposure to standards like SOX, COBIT, PCI-DSS, NIST Control, etc.
• Understanding of Security incident response aspects is desirable.
• Good analytical, problem-solving, and interpersonal skills.
• Industry-recognized certification in information security such as CISSP, CISM, CISA, etc.

• Any bachelor's degree with a preference for a technical degree.
• 4-6 years of experience in ITGC execution, testing, internal audits, or external audit functions.
• Ability to work independently and manage deliverables on time.