Manager Audit IT Cyber Security

Job content

Role Description

• Providing assurance to the Audit Committee (AC) of Board of Directors (BOD), the CEO & MD and the Senior Management, on control adequacy and effectiveness on Cyber

Security / Cloud Infrastructure / Network/ Data Privacy & Protection / Operational Technology / IT Controls & Governance / Risk Management for uninterrupted business operations.

• Executing audits, advisory, and other special projects in accordance with the approved audit plan. Auditor shall undertake reviews of the organization’s cybersecurity, cloud

infrastructure, OT, processes and controls to protect its intellectual property, using industry standards as a guide, and provide recommendations for improvementsSkillsReviewing and documenting the existing TSL IT security architecture to determine security posture w.r.t regulatory & contractual requirements & industry best practicesIdentification and categorization of information assets based on confidentiality, integrity and availability (CIA)Identifying associated threats, vulnerabilities and the risk impacts with each of the information assetsSafeguarding the information assets such as – Software, Hardware, Network etc.Reviewing IT Systems controls, Mail Messaging System and Financial Accounting Software, Review management and Change Management control etc.Reviewing security controls at Cloud based Data Centre (DC) and DR centre(DRC).Auditing controls for Operating System and Database Security, and other controls related to backup, DR/ BCP plans, patch management and version control, license control, virus control processes etc.Application Security Audit including Vulnerability Assessment and Penetration Testing, Network Security Testing, Application Security Testing, OT Security Testing etcNetwork resilience and recovery mechanism, control on social media access and data exchange through the same, control on data and information storage and access in cloud etc.Performing configuration audit for all the devices at DC and DRC as per best practicesCreate security policy and guidelines document for user access management, password policy, data exchange with agencies and vulnerabilities mitigation.Testing for security audit cover cross-site scripting (XSS), cross-site reference forgery, SQL injection flaws, input validation flaws, malicious file execution, insecure direct object references, information leakage and improper error handling, broken authentication and session management, insecure communications, failure to restrict URL access, and denial of services etc.Planning & adaptation of Quality Management System (QMS) to changing conditions and maintenance of quality records. Assist Group Head in initiating necessary corrective and preventive action for maintaining the QMS of the division.Conducting audit of assigned activities for IT enabled systems as per the approved Annual Audit Plan, including any special audit/ project assigned by the respective Group Head.Other Details

• Mandatory: BE, B-Tech, BSc (Engineering), ME/MTech, MBA/PGDM, MCA, MSc (Maths, Statistics or Physics)
• Preferred: Exposure to information security and various standards in the form of project experience of one semester or completion of two related courses as a part of the curriculum.
• Preferred: CISA / CEH / CISSP

Desirable: Understanding of NIST / ISO 27001 / CIS frameworkRelevant Experience

• Mandatory: 3 - 4 years in the area of Cyber Security (Network, Cloud, Application Security, OT), threat assessment, use of various cybersecurity / OSINT tools, cyber simulation
• Preferred: Experience with Cloud Environment (IBM, Google, AWS, AZURE), Operational Technology, Data Security, O365, Infrastructure & Application Security, Ethical Hacking, Vulnerability Management.

Preferred: Cyber audit experience.Threshold Skill

• Strong knowledge and experience in domains covering - Vulnerability assessment and penetration testing (VAPT), Risk management, Business continuity, Access and authorization, Web application security, Threat detection (SOC, NOC), Ethical Hacking, Social Engineering, Phishing simulation (email, CH, attachment)
• Exposure on performing vulnerability assessment and penetration testing (black box) including red teaming
• Information systems industry and best practices in network, application and hardware platform security
• Audit and assessment methodologies, procedures and best practices that relate to information networks, systems, and applications

Risk Management, security program policies, processes, standards, requirements and procedures and various supporting security technologies.