Information Systems Auditor
Mumbai
5+ Yrs
4 years ago
Skills: ISO 27001 and/or PCI-DSS (at least 2 Yrs)
Job description
Experience:
- 5 years of experience in Audits and Risk assessment services of IT infrastructure, Applications, IT processes, Business Continuity and Governance.
- Must have at least 2 years of ISO 27001 and/or PCI-DSS audits of Information Systems in medium to large-sized enterprises.
- Experience in reviewing business processes for information security risk will be a plus.
- Candidate should have hands-on experience in test of design and test of operating effectiveness reviews of IT operational controls.
- Candidate should be familiar with reviews of technical security controls for Identity & Access Management, network, server and application, and with process control reviews.
- Must have experience in conducting risk assessment of business and support applications.
- Must have experience in preparing quality audit reports.
- Excellent written, oral communication and presentation skills.
- Excellent organizational, communication and interpersonal skills.
- Ability to work independently or as part of a team.
Responsibilities:
- Developing project plans, work programs, evaluating IT systems controls, documenting results, making recommendations and communicating information to stakeholders.
- Conduct Information System audits for regulated entities as per the schedule.
- Review/assess the security architecture and IT security controls for compliance against published frameworks and standards.
- Audit IT processes including change management, configuration management, backup management, identity & access management, capacity management and security incident management.
- Review the Information Security Management System (ISMS) and the Business Continuity Plan, including Disaster Recovery activities, carried out by the regulated entities.
- Review draft reports to improve the quality of the audit reports.
- Develop and maintain audit checklists and documents.
- Manage all audit related documentation and records.
- Keep up to date with the latest threats and vulnerabilities researched or discovered.