Job Description
Technology Risk - Senior
Job Requirements
•Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks
•Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third-party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements.
•Knowledge of security hardening and auditing practices for operating systems, databases, applications, and cloud services; familiarity with common cyber threats and secure SDLC practices.
•Experience assessing risks across diverse business processes and translating them into control requirements, test procedures, and remediation plans.
•Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management.
•Ability to identify control gaps and communicate findings and control redesign recommendations to senior stakeholders; track remediation through to closure.
•Identity and Access Management expertise: user lifecycle, authentication/authorization, privileged access, segregation of duties, and RBAC/ABAC.
•Engagement and team leadership: plan and lead IT audit engagements, manage fieldwork, review deliverables, mentor junior staff, and present results to clients/senior management.
Job Requirements
•Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks
•Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third-party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements.
•Knowledge of security hardening and auditing practices for operating systems, databases, applications, and cloud services; familiarity with common cyber threats and secure SDLC practices.
•Experience assessing risks across diverse business processes and translating them into control requirements, test procedures, and remediation plans.
•Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management.
•Ability to identify control gaps and communicate findings and control redesign recommendations to senior stakeholders; track remediation through to closure.
•Identity and Access Management expertise: user lifecycle, authentication/authorization, privileged access, segregation of duties, and RBAC/ABAC.
•Engagement and team leadership: plan and lead IT audit engagements, manage fieldwork, review deliverables, mentor junior staff, and present results to clients/senior management.
Mandatory technical & functional skills
•Knowledge of security measures and auditing practices within various operating systems, databases and applications.
•Knowledge in NIST CSF , CIS Benchmarks, ISO 27001, CCM, NIST AI RMF, ZTA, AICPA standards
•Prior experience in design and implementation of control frameworks, including documentation, change management, and independent control testing reviews.
•Ability to use Generative AI tools and AI agents for task automation, research, content generation, and operational efficiency. Skilled in designing prompts and utilizing AI agents to streamline business and technical processes.
•Experience in assessing risks across a variety of business processes. Experience in identifying control gaps and communicating audit findings and control redesign recommendations to Sr. Management and Clients.
•Hands on experience of working on IT General Controls, IT Application controls testing, IT Internal Audits, IT Risk Assessments.
Educational qualifications
•BE/B-Tech/MCA/BSC-IT/MBA
•Certifications – CISA, CRISC, CISSP, CCSK etc. cleared/certified preferred
