Job Vacancies at Interswitch

Reporting to the Head Information Systems Audit, the Team Lead, Security Operations Audit will lead individual assigned internal audit engagements, focusing on Information Security Systems and Operations, which support various processes, products, and functions across the company. The role requires assurance on the effectiveness and efficiency of Information Security Risk Management, Control and Governance process within the organization and subsidiaries, to achieve strategic and business objectives. The individual will provide assurance that Information Systems and Cybersecurity risks are properly identified, measured, controlled monitored and within the organization’s risk appetite, The individual will execute IT security audits testing across systems and platforms, and also work with other internal audit staff or co-sourcing staff to deliver audit assignments through planning, execution, reporting, audit close-out, and follow-up phases in line with the internal audit methodology.

Responsibilities

• Participate in the Audit of the Business’
•  Cyber Security Programs and Strategies  Implemented Security Governance  Existing Security Architecture  Security configurations & Infrastructure and  Security Incident and Event Management  Security Standards and Frameworks  Interfaces, web services and APIs  Vulnerability Assessments, Penetration Testing and  Security Operations Centre
• Prepare timely, accurate and complete audit query and other audit work papers in line with the Internal Audit Methodology
• Carry out assigned special investigation into cyber security related breaches, system outages or attacks
• Participates in the audit SIEM and other emerging security solutions deployed by the Business to ensure protection against a wide range of threats and vulnerabilities
• Executes the audit of the following standards:  ISO 27001 - Information Security Management Systems  ISO22301 – Business Continuity Management Systems  PCIDSS - All in-scope departments
• Executes 3rd Party Risks Audit
• Executes Data Protection Audits (NDPR, GDPR)
• Participates in the review of Cyber-Security Risk Framework, Operational Risk Management and other related Frameworks/policies
• Carries out planned/ad-hoc activities to ensure the audits are performed in line with Internal Audit Methodology and relevant professional standards
• Participates in Operational Risk process reviews to ensure Control and Security Operations team’s compliance with Operational Risk Governance Framework
• Ensures the currency of Governance, Risks and standards audit procedures/checklists given the proliferation and complexity of Information and communication technologies
• Participates in the follow-up to ensure Management’s timely regularization of audit exceptions
• Assist audit staffs in performing complex analysis in audits and reviews
• Perform other functions as assigned by the Head, Information Systems Audit

Requirements

• Competencies
• Security Operations Audit
• Data analysis skills
• IT Risks, threats, and vulnerabilities
• Information and Cybersecurity Risks
• Cybersecurity Frameworks and Standards
• Data Privacy Regulation
• Application Security
• Database and Network Security
• Business communication and presentation skills
• People skills
• Governance, Risks and Compliance Frameworks
• Security and Forensic Investigations
• Enterprise Security Architecture Framework(s)
• Experience & Qualifications
• Bachelor’s and/or Advanced degree in Computer Science or any related disciplines
• Professional certification (CISA, SCCP, CCSA, CRISC, CISSP, CEH, ISO 27032, ISO 22301 & ISO 27001, ISO 20000, COBIT 5, CCISO etc)
• 7 - 9 years relevant experience in IT audit and IT security audit, including 3 years managing others in a supervisory position
• Prior experience working in fintech or payment services firm; Big 4 professional service firm; banking or other financial services firm, technology firms etc will be an advantage
• Hands-on experience in IT risks, control, and security auditing; IT general controls and IT application controls auditing; and IT security audit
• Experience in Blockchain Capabilities, ITGC, Integrated Management Systems Audit, SQL, Virtualization, Cloud, Big Data, Retail payment systems, AIOps, Dev|Ops, etc
• Good understanding of the latest IT auditing techniques and use of tools Complex problem-solving skills and ability to work under pressure

go to method of application »

Job Description

• Reporting to the Head Information Systems Audit; the Team Lead, Information Systems Audit will lead individual assigned internal audit engagements, focusing on Information technology systems, which support various processes, products, and functions across the company.
• The role requires the requisite IT audit competencies by using approved audit methodology to ensure IT Infrastructure standards, policies, guidelines, and procedures are being implemented by IT management to enable availability of IT services; to support the business objectives.
• The individual will provide assurance over the effectiveness of controls on the business’ technical infrastructure; executing IT systems audits testing across systems and platforms, and working with other internal audit staff and/or co-sourcing staff to deliver audit assignments through planning, execution, reporting, audit close-out, and follow-up phases in line with the global practices.

Responsibilities

• Lead and participates in the periodic audit of the Business’ Disaster Recovery Infrastructure to ensure its availability and adequacy when the main production facility becomes unavailable
• Represents the Department in Information Technology related projects for quality assurance purposes and provide report to on progress and risk management
• Audit of all IT Operations (Including Enterprise Data Backup & Restore, Physical & Environmental Controls, SLA, Staff, training, etc)
• Prepare timely, accurate and complete audit query and other audit work papers in line with the Internal Audit Methodology
• Carry out assigned investigations of frauds connected to the use of channels and systems
• Participates in the audit of the Business’ Network and Telecommunications Infrastructure to ensure protection against a wide range of threats and vulnerabilities
• Assists in the review of the Business’ Firewalls, Core Switches, Routers, Intrusion Detection and Prevention Systems to ensure they are adequately configured to prevent intrusions into the organization’s networks
• Executes audit of Messaging Infrastructure (Exchange clients and Servers) to ensure security and efficiency
• Participates in the review of Virtualization Infrastructure to ensure security and availability of the virtualized layer
• Participates in the audit of Antivirus, patch management and other emerging technologies as deployed by the Business
• Participate in the annual Enterprise Information Technology and Governance Audit using COBIT5 standards

Executes the audit of the following standards:

• ~ ISO22301 – Business Continuity Management Systems ~ ISO20000 – Service Management ~ ISO9001 – Quality Management Systems Executes IT Outsourced Service Providers audits
• Participates in the review of E-Risk Management Framework, Operational Risk Management, and other related Frameworks/policies
• Carries out planned/ad-hoc activities to ensure the audits are performed in line with Internal Audit Methodology and relevant professional standards
• Participates in Operational Risk process reviews to ensure Technology Operations team’s compliance with Operational Risk Governance Framework
• Ensures the currency of Governance, Risks and standards audit procedures/checklists given the proliferation and complexity of Information and communication technologies
• Participates in the follow-up to endure Management’s timely regularization of audit exceptions Assist audit staffs in performing complex analysis in audits and reviews
• Perform other functions as assigned by the Head, Information Systems Audit

Requirements
Experience & Qualifications:

• Bachelor’s and/or Advanced Degree in Computer Science or any related disciplines
• Professional certification (CISA, CRISC, ISO 27001, ISO 22301, ISO 20000, PCIDSS etc) Other general IT certifications is a good advantage
• 7 - 9 years relevant experience in IT Audit including 3 years managing others in a supervisory position
• Prior experience working in fintech or payment services firm; Big 4 professional service firm; banking or other financial services firm, technology firms etc will be an advantage
• Hands-on experience in IT risk and control auditing; IT general controls and IT application controls auditing; and IT security audit
• Experience in Blockchain Capabilities, ITGC, Integrated Management Systems Audit, SQL, Virtualization, Cloud, Big Data, Retail payment systems, AIOps, Dev|Ops, etc
• Good understanding of the latest IT auditing techniques and use of tools
• Complex problem-solving skills and ability to work under pressure

Competencies:

• IT Audit
• Data analysis skills
• IT Risks, threats, and vulnerabilities
• IT Security
• Application controls
• Database and network controls
• Business communication and presentation skills
• People skills
• Governance, Risks and Compliance Frameworks
• Digital and Network Forensic Investigation
• Database Management, Operating Systems, Messaging, Networking, Storage Area Networks and Security Devices)
• Enterprise Architecture Framework