Job Description for IT Project Audit Consultant:
Responsibilities:
- Responsible for supporting the Head of IT Audit in providing internal audit services for IT‑related processes/controls. Undertake technology audits, IT project assignments and ad‑hoc review work for allocated assignments.
- Conduct IT project reviews (for SDLC and Agile) and liaise with various internal and external stakeholders such as IT, Business, Operations, and Vendors, providing independent oversight to ensure compliance with regulatory requirements, IT standards and project governance, and adherence to budget/costs, timelines, project objectives, specifications, and requirements.
- Comprehend banking processes to identify any gaps and report them with demonstrated evidence of impact to the organization. Ensure that appropriate corrective actions are tracked to closure.
- Participate in governance forums to represent independent oversight and add value by helping to close control gaps.
- Review development and implementation of regulations, policies, and procedures throughout the project life‑cycle to ensure that all systems and processes meet required levels of compliance. Review development of quality assurance processes for improvement of new and existing systems to maximize overall quality of software products and information systems.
- Assess design, development and testing processes for IT systems. Review logical access of IT systems and high‑level credentials. Review and test implementations of IT systems and internal processes to maximize efficiency and effectiveness. Identify areas for improvement within the organization’s IT infrastructure and applications.
- Perform reviews in Cybersecurity, General IT Controls, IT Governance Framework, IT Service Resilience, Cloud‑hosted services, Change Control Management/Continuous Integration/Deployment, Data Leakage, Information Security Requirements of Regulatory Authorities, Network Security, Agile Methodology, and security solutions (e.g., DLP, WAF, firewall, network access control, IPS/IDS, proxy server, SIEM).
- Review and assess IT security risks to data, software and hardware such as encryption protocols, key management, ensuring data security in transit and at rest. Assess physical and technical security risks and conduct interviews for fitment to engagement requirements such as vulnerability assessments, penetration testing, and security configuration reviews.
- Review IT security systems to ensure security measures are in place and working as intended (firewalls, anti‑virus, threat detection and prevention systems). Review IT security and emergency measures policies, procedures, incident response plans, and test the effectiveness of security measures in response to cybersecurity events and incidents.
- Test effectiveness of IT operations for preventive procedures such as maintenance and batch processing of IT systems. Investigate IT incidents including cyber‑attacks for intrusions and unauthorized activities.
Qualification and Experience:
- Bachelor’s Degree with at least 10 years of experience working in IT audits and project reviews in banking or financial institutions.