IT Audit & Risk Analyst

Role: IT Audit & Risk Analyst
Location: Bangalore
Schedule: 4PM IST – 1AM IST ( +/- 1 hour based on the Day light savings time)
Working model: Hybrid
Introduction:
The IT - Auditor and Risk Analyst is a highly respected, influential, and in-demand role within the business. The position is responsible for supporting the security direction of the business and elevating the company’s security posture across multiple jurisdictions. The IT Auditor Risk Analyst is expected to support the security strategy of the business within new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as new technologies and regulatory requirements. The IT Auditor Risk Analyst is also responsible for leading internal audit efforts and coordinating with audit partners.
The ideal candidate is technical and possesses at least five-eight years relevant experience in security, compliance, risk management, or audit. In addition, the candidate should have a strong background in application development and configuration specifically around GRC tools. The role oversees the business’ adherence to security requirements and obligations mandated by standards, regulations and regulating bodies such as the Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), Federal Financial Institutions Examination Council (FFIEC), and International Organization for Standardization (ISO), AIFMD, PSD2, EBA, ESMA, MAS, CSSF, CIMA, CBI. In tandem with security leadership, the IT Auditor Risk Analyst consistently assesses, audits, and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the IT Auditor Risk Analyst monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the information security team, the IT Auditor Risk Analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance
Your role:

• Partner with global teams across Business Operations, Application, Compliance, IT and Legal to manage technology risks and regulatory compliance.
• Deliver assigned internal, external and jurisdictional audits per a published audit plan.
• Implement and support GRC technologies and tools within the Enterprise Technology Function.
• Draft and publish policies, standards, guidelines and procedures related to security and IT compliance.
• Improve compliance of IT processes and identify opportunities for technology compliance control automation.
• Execute end to end compliance initiatives in accordance with the compliance roadmap.
• Design high-quality test plans and direct technology control test activities.
• Build and maintain controls that map to compliance requirements, provide implementation recommendations and monitor evidence.
• Continuously improve the technology control framework in alignment with industry trends
• Contribute to coordination with jurisdictional inspectors and audit partners.

• Keep up to date with external technology and compliance regulations, data privacy and security best practices.
• Define and publish quantitative and qualitative technology compliance metrics and metrics to assess the success of the security program.
• Identify strengths and weaknesses in IT technology operations and projects as they relate to privacy, security, business resiliency and regulatory compliance.
• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Work in tandem with GRC and business leadership to perform ongoing security program assessments and audits and create annual strategic technology and budgetary directives.
• Analyse findings, and document, recommend and report program gaps to security leadership.
  

What technical skills, experience, and qualifications do you need?

• At least 5-8 years’ relevant experience in IT audit, risk management and/or cybersecurity as a practitioner
• Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
• Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
• Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
• IT Developer expertise to configure and administer GRC tools may be a plus.
• Knowledge of global technology laws and regulations, including but not limited to PCI, SOX, FFIEC, ISO, GDPR, AIFMD, PSD2, EBA, ESMA, MAS, CSSF, CIMA, CBI, DORA.
• Understanding of audit standards and practices, and control frameworks ( ISO, NIST, COSO, COBIT, etc.).
• Understanding of security concepts of threat categories (such as malware, phishing attacks, Defense-in Depth, MITRE ATT&CK framework).
• Understanding of technology policies, standards, and guidelines .
• Experience with regulations and regulatory expectations regarding technology in the region of your accountability.
• Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, DevOps and application security.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
  

Additional Qualifications

• Prior experience conducting internal and/or external audits.

Looking to get Placed? Try our Placement Guarantee Plan

Get Hired
• Prior hands-on experience working with any GRC systems like Diligent, MetricStream, Logic gate, One trust, Archer etc.
• Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
• Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats.
• Highly trustworthy; be an Individual contributor and Team player who leads by example.
  

Certification Requirements

• Holds or is working towards one or more security, audit or risk industry certifications preferred such as: CISSP, CISM, CRISC, CISA, CIA, CIPP, CIPT, CIPM, CERA, CRM, GRCP, GRCA or ISO 27001 LA.
• Any Certifications in IT Programming like .net, Java, Python, SQL, APIs etc is a good to have.
  

About Us
CSC is a global business, legal, and financial services company based in Wilmington, Delaware, USA, providing knowledge-based solutions to clients worldwide. We have offices and capabilities in over 140 jurisdictions in the Americas, Europe, Asia Pacific, and the Middle East, and more than 8,000 colleagues. We are the business behind business. registered
CSC is committed to creating a diverse and growth-oriented environment where everyone is valued and respected. CSC offers challenging career opportunities and excellent benefits, including annual success-sharing bonuses or commission plans based on individual performance. To learn more, visit cscglobal.com/service/careers .
Visit our careers site to learn more about CSC and our commitment to our clients, communities, and each other.
CSC takes pride in finding and qualifying people through an internal sourcing model. We encourage candidates to apply directly to our website and not through third party sources. CSC only accepts resumes from employment agencies who are part of our approved supplier program. Resumes submitted from other agencies either to talent acquisition, our hiring leaders, employees or through any other mechanism other than our supplier process, will not be eligible to claim related fees and the submitted resumes will be considered property of CSC.
Disclaimer: The information above describes the general nature and level of work performed by employees in this role. It is not intended to describe all duties, responsibilities, and qualifications.
Organization
At CSCregistered, we’re always looking ahead, finding ways to improve and anticipate the future needs of our customers. Curiosity fuels our innovation and productivity drives our results. This proactive mindset has helped us adapt and create solutions that have enabled businesses to run smoother and smarter for more than 120 years.
CSC is committed to attracting, developing, and retaining talented people whose personal values align with ours. We empower our employees to bring the right solutions to market to meet customer demand. That is why we are the premier provider of global solutions for more than 180,000 businesses.

• CSC is a great place to work with smart and dedicated people.
• We have been voted a Top Workplace every year since 2006.
• We offer challenging work and career opportunities. Most positions are filled with internal moves and employee referrals.
• Employees are eligible for success sharing, bonus, or commission plans based on role and individual performance.
• CSC offers a competitive and comprehensive benefits package as part of your Total Rewards that includes annual leave, tuition reimbursement, employee referral bonuses, and more.