Job Details – this job has expired, please see similar jobs below
Company is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm’s employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
The talent and passion of our people is critical to our continued success as a firm. Together, we share four core values rooted in integrity, excellence and strong team ethic:
1. Putting Clients First
2. Doing the Right Thing
3. Leading with Exceptional Ideas
4. Giving Back
Company is committed to helping its employees build meaningful careers and we strive to be a place for people to learn, achieve and grow.
Internal Audit is responsible for validating whether the firm operates in a controlled environment with appropriate risk management processes. Auditors evaluate the adequacy and effectiveness of the firm’s internal controls using a risk-based methodology developed from professional auditing standards. Internal Audit assists in monitoring the firm’s compliance with internal guidelines set for risk management and risk monitoring, as well as external rules and regulations governing the industry.
The department reports directly to the Board Audit Committee and helps verify whether the firm meets all of its fiduciary responsibilities to shareholders, while adhering to corporate governance standards and legal and regulatory requirements. Internal Audit is comprised of Business and Technology auditors. Business auditors focus on understanding the risks that the businesses face and the controls to mitigate those risks. Technology auditors focus on the application controls supporting the business processes, including systems development, application security and entitlements, production management, and technology governance. Both groups are responsible for understanding, analyzing and testing the controls to protect the franchise.
Background on the Position
The role will reside within the Internal Audit’s Global Service Center (GSC) - Technology audit team in Mumbai. The team covers application technology, infrastructure and cyber security audits. Company is seeking a strong candidate to cover, Information Security and Cybersecurity supporting the firm. Cybersecurity Auditors focus on general and infrastructure controls that mitigate cybersecurity risk for the technology supporting the enterprise. The auditor is responsible for understanding, analyzing, and testing the technology controls including those over architecture and configuration, systems development, security and entitlements, production management and governance.
Manage projects and supervise staff on audit assignments with primary focus on cybersecurity
Design and execute risk-based audit programs in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.
Identify and evaluate key cybersecurity risks.
Partner with Application and Business Auditors, and work collaboratively within a team
Maintain ongoing dialog with key stakeholders regarding risks identified and necessary improvements to the control framework.
Provide cybersecurity audit coverage in integrated audits through risk assessments, audit planning, testing and reporting.
Educational & Professional Credentials
Masters/ Bachelor’s in Computer Science, Information Technology Management, Information Security, Technology Risk & Control Assurance etc. from a reputed institute.
Industry relevant certifications like CISA, CISSP, CEH, OSCP etc. will be an added advantage.
Microsoft and Cisco certifications are a plus.
1. Strong verbal and written communication skills
2. Able to present at various level of management
3. Lead and motivate people to achieve results
4. Ability to multi-task between several projects
5. Team player with ability to work independently in a fast-paced environment and within a small team setting.
1. Experience in auditing interfaces, infrastructure, data processing and computer general controls.
2. Strong understanding of industry standards such as the NIST Cybersecurity Framework, NIST 800-53, PCI-DSS, CSA, ISO 27001/02, CIS Top 20 Critical Security Controls (formerly SANS), FFIEC guidelines etc.
3. Technical knowledge of IT systems, including:
Operating Systems (UNIX, Linux, Windows, z/OS)
Networking, including VPN, LAN, WAN, WLAN
Firewalls and associated hardware
Backup and Recovery system
Data Loss Prevention tools, Intrusion Detection and Intrusion Prevention tools
Penetration Testing Tools
Tools such as Splunk, ArcSight, WatchTower
1. Good understanding of threats, vulnerabilities, risk, confidentiality, integrity, availability, cryptography, network security, web-based applications architecture and security, network protocols
2. Experience with Data Analysis using data mining tools
3. Familiarity analyzing results from Penetration testing
4. Practical IT work experience is a plus
5. Scripting and programming experience is beneficial
1. Minimum 8 years of experience across Financial Industry in a Technology Domain
2. 4-5 years of industry-related experience preferably in application security, cloud security, perimeter security, endpoint security (Required)
3. 3-4 years of industry-related IT audit experience (Required)
4. 2-3 years of Project Management experience
5. General understanding of the internal audit processes (e.g., risk assessments, planning, testing, reporting and continuous monitoring) (Required)
Sign up and search through 66,406 curated jobs in the Finance & Investment Edition: