Purpose of the Job
The incumbent will be responsible for conducting/monitoring Information Systems audits for the bank.
Responsibilities
- To carry out Information System (IS) Audit planning using the Risk Based Audit Approach. The approach would involve aspects like IT risk assessment methodology, defining the IS Audit Universe, scoping and planning the audit, execution, and follow-up activities.
- To assist in the preparation of the annual IS Audit Plan and strategy (based on the scoping document, risk assessment, in compliance with appropriate external regulatory/legal requirements and well-known IS Auditing Standards) for being put before the Audit Committee for approval.
- Handle independent execution of IS audits and IT Application audits within the bank and Vendor onsite/offsite IS audits; IT/IS Audit review for services provided by a third party for the controls within them forming part of the bank’s information systems.
- To be responsible for follow-up and closure of the ATR (Audit Tracking Report).
- To assist in reporting on the status of planned versus actual IS audits, and any changes to the IS audit plan (to be presented periodically to the Audit Committee and Senior management).
- To establish a quality assurance process (e.g., interviews, customer satisfaction surveys, assignment performance surveys, etc.) to understand the auditee’s needs and expectations relevant to the IS audit function.
- Close coordination and oversight on the work performed by external IS audit partners appointed for execution of parts of the audit plan.
- To promote and enhance utilization of CAATs to increase the efficiency and effectiveness of the audit.
- Assist in initiatives taken by Internal Audit and special projects.
Key Competencies
- Understanding of IS Audit Universe to ensure holistic coverage for the IS audits across – Application Systems, Information or data, Infrastructure (technology and facilities like hardware, operating systems, database management systems, networking, etc., and the environment that houses and supports them that enable the processing of the applications), People (internal or outsourced personnel required to plan, organize, acquire, implement, support, monitor and evaluate the information systems and services).
- Understanding of audit and risk aspects related to domains such as IT Governance, IT Operations, IT Outsourcing, Application Control & Security, Pre and post-implementation application control audits and data migration audits with regard to critical systems, Change Management, Logical Access, BCP/DR, Data centre controls.
- Strong understanding of the regulatory framework and guidelines applicable to Information Technology / Information Security and Information Systems Audit from various sectoral regulators as applicable for Banks.
- To possess the relevant knowledge of Information Systems, IS Controls, and leading audit practices.
- To have relevant competencies to understand the ultimate impact of deficiencies identified in IT Internal Control framework as part of IS audits.
- Understanding of various fraud risk factors and ability to assess the associated risks and controls with the area under IS audit.
- To be able to exercise due professional care, which includes following professional auditing standards in conducting the audit.
- Competence, skills, knowledge, training, and relevant experience in technology and IS audit domain.
Working Experience: 2-5 years of work experience in auditing in financial services (preferably Bank), mid-size/large professional services firm with assignments in Internal Audit / Information Security / Information Technology.
Educational Level: B.E/B.Tech/MCA, Master’s Degree.
Certifications like ISO27001/CISA/CIA/Certified Cyber Security will be an added advantage.