Responsibilities:
Audit Execution:
- Conduct audits of Information Systems / Information Security, including process reviews, application control and functionality reviews, BCP/DR testing, and regulatory compliance.
- Execute planned and ad-hoc audits according to schedules and audit/ISO standards.
- Review compliance on audit reports submitted by auditee units and follow up on closure within prescribed timelines.
Quality & Risk Assessment:
- Ensure depth and quality of audit reports through root cause analysis.
- Provide actionable recommendations for process improvement and risk mitigation.
- Utilize off-site audit techniques, including data mining, to identify potential risks.
Reporting & Stakeholder Management:
- Prepare detailed audit reports with findings, implications, and corrective action recommendations.
- Submit timely updates to internal and external stakeholders, supporting compliance teams during RBI or other regulatory audits.
- Plan the audit calendar based on residual risk assessment and defined methodology.
Technical & Systems Expertise:
- Audit IT infrastructure, databases, operating systems, network architecture, and application controls.
- Apply Computer Assisted Audit Techniques (CAATs) and evaluate Information Security governance frameworks.
- Assess Business Continuity and Disaster Recovery frameworks.
Professional Development & Collaboration:
- Continuously update knowledge through trainings and industry readings.
- Coordinate with IT stakeholders, ensuring professionalism and clarity in communication.
- Work independently or collaboratively to contribute to audit and organizational objectives.
