Senior IT Internal Auditor
Treeline Business Solutions
- Chennai, Tamil Nadu
- Permanent
- Full-time
- Perform IT/OT Audits, Cybersecurity reviews, advisory engagements and other influencing activities in highly technical areas of current/emerging technologies.
- Adapt the audit approach to the ever-changing technology landscape and deliver critical and complex technology audits that impact the group-wide internal controls.
- Develop detailed Audit Program/Risk & Control Matrix (RCM) for the assigned audit, including potential risk, key controls, audit procedures and the use of audit techniques and tools to evaluate governance, risks, and controls processes.
- Determine auditing procedures to be applied, including the use of Information Systems Audit Techniques, data analytics, sampling method, etc.
- Identify high-risk areas, key control points, root causes and implications in relation to IT/OT environments reviewed.
- Prepare audit report with the conclusion, expressing professional opinions on the adequacy and effectiveness of risk management, control systems, and recommend improvement options to rectify reported deficiencies.
- Ensure that adequate working papers and all relevant information are continuously documented and updated in the automated Audit Management System in accordance with pre-defined templates and audit procedures.
- Appraise the adequacy of the corrective actions taken by management on audit recommendations through follow-up audits and periodically review and update the status of management action plans.
- Assist in the periodic reporting to the Audit Committee and Senior Management on internal audit activities, performance, significant risk exposures, controls/governance issues, and other related matters.
- Provide relevant business and technology insights into the current, emerging & potential technology issues, trends & opportunities affecting the management.
- Participate in conducting special reviews and undertake administrative duties as directed by Management.
- Supplement integrated audits and support business and group auditors in reviewing the technology controls within an operational audit.
- You will be responsible for carrying out this task for clients who are located in Middle East countries.
- IT audit certification such as CISA
- OT or ICS-related certifications are highly desirable.
- Other related certifications (CISSP, CISM, GIAC, GICSP, IEC-62443 etc.) are preferred.
- BE / B Tech in Computer science Engineer or MCA / M.Sc Computer Science with 7-10 years of varied experience in IT internal auditing and a minimum of 3+ years of work experience in Operational Technology or Industrial Control Systems.
- Expertise in developing or reviewing IT/OT security programs and conducting cybersecurity assessments for IT/OT environments including ICS, SCADA systems etc. and associated OT network architecture.
- Solid foundational knowledge of IT/OT security landscape including but not limited to, network architectures, network protocols, industrial protocols, Active Directory, Backup processes, virtualization of applications and OT integration with traditional IT systems (IT and OT Convergence).
- Solid understanding of OT security technologies such as Data diode, EDR, Antimalware, patch management, SIEM solution etc.
- Advance technical knowledge of different operating systems, databases, network infrastructure components (routers, switches, firewalls etc.).
- Advanced knowledge of OT/ICS-related standards like IEC 62443, NIST 800-82.
- Knowledge and experience with OEMs Honeywell, Yokogawa, Siemens etc. systems will be added advantage.
- In-depth knowledge of International Professional Practices Framework for IT Assurance/IT Assurance Framework (ITAF) and other related frameworks/standards (e.g. COBIT, ITIL, ISO 27000, NIST) and their interpretation/application to IS/IT auditing practice.
- Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action.
- Expertise in collecting and analyzing complex data using data analytics tools, evaluating information and systems, and drawing logical conclusions.
- Extensive knowledge of planning and project management areas.
Expertia AI Technologies