Audit Manager - IS Audit

Job Description

Job description

Essential Services : Role & Location fungibility

To achieve this, employees at ICICI Bank are expected to berole and location-fungiblewith the understanding thatBankingis anessential service.The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature.

About the Role

As an Auditor, you will be responsible for audit of Technology Solutions Group, Business Technology Operations Group, Technology Infrastructure Group (TIG), Technology Management Group (TMG), IT Governance and Information Security Group.

• Control Environment Evaluation:Understand existing technology processes and evaluate the internal controls in those processes and provide assurance on the control environment. Working knowledge in areas such as Access management, Application Controls, change management and other areas related to IT Audit.
• Audit Planning & Execution:Prepare audit checklist and perform field work of auditable areas including sending data request, discussing queries with auditee and maintaining proper work papers. Performing internal audits (IT audits preferred) including checklist preparation, performing field work and writing detail audit report.
• Audit Findings & Reporting:Continuous Interaction with auditee to discuss audit findings and recommendations. Preparation of detail audit reports capturing the results of tests performed and maintain proper audit work papers supporting the fieldwork.
• Analyse & Review:Identify areas where audit processes can be automated/ analytics can be implemented for conducting control testing.
• Process Automation & Analytics:Maintenance of up to date working papers as per the internal audit policy and diligent use of Audit Software for the purpose of documentation and demonstration of adherence to the internal audit methodology.
• Stakeholder Management:Interaction with stakeholders for keeping self-updated on change in internal control environment. Interaction with business technology or Information Security group on regular business requirements. Involvement from business side in developing or testing APIs required by business or third-party vendors

• Educational Qualification:BE in Computer Science or Information Technology or Electronics and telecommunication or equivalent combination of education and experience in Information Security with relevant work experience in executing IT Audits as a team member or team leader OR prior experience of working in technology or related departments of in any other organisation. Professional security certifications like CEH, CISA, DISA, CISSP, CCNA etc. are preferred.
• Security & Compliance:Knowledge of IT Security and Data security aspects including OWASP Top 10 vulnerabilities. Technical skills such as web security testing (using tools such as Burpsuite), API testing, SAST (using source code analysis tools), penetration testing techniques, etc