3+ IT audit Jobs in Pune | IT audit Job openings in Pune

Position: IT Auditor

Experience: 4-12 Years

Location: Pune

Key Skills Required:

CISA, CISSP, CISM, IT Audit, Technology Audit, IT Infrastructure Audit, Application Security Audit, Information Security Audit, Cyber Security Audit, Cloud Security, Ethical Hacker

Additional key words: Vulnerability assessment, Penetration Testing, ITGC testing, Cloud Computing,

 

 

IT AUDITOR is responsible to plan and perform the audit assignment starting from audit announcement, audit planning, field work, audit quality reviews, pre-closing / closing meetings with the respective Directors / Head of the Departments including writing of the audit report and its finalization as well as follow up of the audit actions. Additionally IT AUDITOR will also be responsible to:
•    Evaluate IT systems, processes and projects in place;
•    Determine risks to the Group’s information assets, and help identify methods to minimize those risks;
•    Ensure information management processes are in compliance with IT-specific laws, policies and standards;
•    Determine inefficiencies in IT systems, IT projects and associated management processes and
•    Consult in IT projects, new initiatives and organizational frameworks.

Description

 

Audit Planning

1)    Perform audits at Volkswagen Group entities. and other concerned Volkswagen Group Companies with focus on IT processes keeping the associated business risks in mind.
2)    Participate in the preparation of audit objective & scope document along with audit schedule based on the audit objective and timeline specified by Head of IT Audit India Hub.
3)    Participate in the preparation of work program

Audit Process

1)     Prepare and conduct preparatory interviews with the Directors and Heads of the audited departments to identify the processes to be assessed during the audit.
2)     Request and collect relevant audit data for analysis from respective business areas.
3)     Prepare audit matrix on periodic basis to record the audit field work and update the progress of the audit to IT Audit Manager and the Head of IT Audit Hub India.
4)    Define actions including relevant controls to mitigate the business risks identified based on the evidences provided during the audit.
5)    Organize and conduct pre-closing meetings with business areas to agree upon audit observations and relevant actions.
6)    Prepare and conduct closing meetings with the Directors / Heads of the Department for audited division to agree upon the audit observations, risks and proposed actions.
7)    Prepare the draft audit report and submit the same to the  IT Audit Manager and the Head of IT Audit India Hub for review.
8)    Ensure that adequate documentation is prepared for the audit assignment. Peer review changes are done before release of the final audit report to the business area.
9)    Contact business area to review the progress of the implementation of audit actions defined in the final audit report. Based on the review, write the status of the follow up and submit the same for upload in RIAS.
10)    Obtain necessary certifications / qualifications to support the job requirements by attending relevant trainings
11)    Support the conduction of unscheduled audits/special investigations and audits from the anti-corruption system.
12)    Relevant knowledge is shared among the team members.
13)    Consult in IT projects, new initiatives and organizational frameworks.
14)    Ensure information management processes are in compliance with IT-specific laws, policies and standards.
15)    Determine risks to the Group’s information assets, and help identify methods to minimize those risks.
16)    Evaluate IT systems, processes and projects in place.
17)    Determine inefficiencies in IT systems, IT projects and associated management processes.

Key Responsibility Areas:

Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex Web applications, operating systems, wired and wireless networks, and mobile applications/devices Delivering targeted and intelligence led security penetration testing through a robust testing methodology and process Craft and develop scripts, frameworks, tools, and the methods required for facilitating and executing sophisticated charges, emulating malicious actor behavior sought at avoiding detection Conduct security assessments on a wide variety of technologies and implementations Develop and maintain security testing plans Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology Automate penetration and other security testing on networks, systems and applications Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk Produce actionable, threat-based, reports on security testing results Act as a source of direction, training, and guidance for less experienced staff Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators Foster and maintain relationships with key stakeholders and business partners

Required Skills:

2 to 6 years of experience in information security with web application and network penetration testing experience Fluent in common cyber security domains such as cloud security, access control, encryption, identify management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence Strong understanding of OWASP top 10.

Experience or knowledge of IT security risk assessments and gap analysis In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) Hands on experience with testing frameworks such as the PTES and OWASP Experience of functional testing, UI/UX testing and manual testing, Load, Performance testing across multiple browsers and devices Hands-on experience in designing and writing test automation scripts using test automation frameworks and knowledge on API Testing Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud

Qualification: Masters/Bachelor’s Degree

 

 

Security Architectural solutions, designing, Security Analysis, Infrastructure architecture, Application architecture, DevSecOps and cloud understanding, Threat Modelling, Penetration testing, Governance Risk & Compliance