Job Description for IT Project Audit Consultant:
Responsible for supporting the Head of IT Audit
in providing internal audit services for IT-related processes/controls. He/she will
undertake technology audits, IT project assignments and ad-hoc review work for
allocated assignments.
Conduct IT project reviews (for SDLC and Agile) and liaise with various internal and
external stakeholders such as IT, Business, Operations, Vendors as an
independent oversight to ensure compliance with regulatory requirements, IT
standards and project governance to adhere to budget/costs, timelines, project
objectives, specifications, and requirements.
Comprehend banking processes to identify any gaps and report them with demonstrated
evidence of impact to the organization. Ensure that appropriate corrective actions
are tracked to closure.
Participate in governance forums to represent independent oversight and add value by
addressing control gaps.
Review development and implementation of regulations, policies, procedures throughout
the project life cycle to ensure that all systems and processes meet the required
level of compliance. Review development of quality assurance processes for
improvement of new and existing systems to maximize overall quality of software
products and information systems.
Assess design, development and testing processes for IT systems. Review logical access
of IT systems and high-level credentials. Review and test implementations of IT
systems and internal processes to maximize efficiency and effectiveness. Identify
areas for improvement within the organization's IT infrastructure and applications.
Perform reviews in Cybersecurity, General IT Controls, IT Governance Framework, IT
Service Resilience, Cloud hosted services, Change Control Management/Continuous
Integration/Deployment, Data Leakage, Information Security Requirements of
Regulatory Authorities, Network Security, Agile Methodology, Security solutions
(e.g. DLP, WAF, firewall, network access control, IPS/IDS, proxy server, SIEM).
Review and assess IT security risks to data, software and hardware such as encryption
protocols, key management ensuring data security in transit and at rest,
assess physical and technical security risks. Conduct interviews for fitment to
the engagement requirements such as vulnerability assessments, penetration
testing, security configurations review etc.
Review IT security systems to ensure security measures are in place and working as
intended (such as firewalls, anti-virus, threat detection and prevention
systems). Review IT security and emergency measures policies, procedures,
incident response plans and test effectiveness of security measures in response
to cybersecurity events and incidents.
Test effectiveness of IT operations for preventive procedures such as maintenance,
batch processing of IT systems. Investigate IT incidents including
cyber-attacks for intrusions and unauthorized activities.
Qualification and experience: Bachelor’s Degree with at least 10+
years of experience working in IT audits and project reviews in banking or
financial institutions.