Job Title

Job Title: IT Security Audit ManagerJob Grade: ManagerFunction: Global Finance & AccountsSub-function: Global Internal AuditManager’s Job Title: IT Security Audit, ManagerSkip Level Manager’s Title: IT Security Audit, Deputy General ManagerFunction Head Title: Head of Global Internal AuditLocation: Mumbai (Work from Office)No. of Direct Reports (if any): NoneJob SummaryAudit planning: Perform process walkthrough to understand process, identify & document risks & controls, identify testing strategy etc.Audit execution: Validation of controls such as manual, automated, hybrid, access based etc.Perform substantive testing on population.Discuss queries identified based on control / substantive testingAudit closure:Agree observations with process owners, identify the correct root cause and provide recommendation (preventive & corrective).Agree on management commentsPrepare draft report as per Sun’s audit template.Issue final report after discussion with process owners & N-1.Data analytics: Provide inputs on additional data analysis performed in the audit.Action tracker Report: Follow-up with process owners for closure of action itemsAreas of ResponsibilityIT General Controls – Operating System (Windows, Linux etc.), Databases, Change Management, Data backup etc.IT Security control area like Network, Firewall, Data Leakage Policy (DLP), Vulnerability Management, Penetration Testing, Anti Virus etc.Working experience in SAP Basis configurationUnderstanding of SAP user authorisation conceptsIT Risk ManagementNature of Audits performed by the candidate:Cyber Security related areasOS reviews Linux & Windows serversDB reviews Oracle, HANA, MS SQL etc.IT General Control review of SAP (incl. Basis) & Non-SAP applicationsKey Skills:IT General Controls ReviewsIT Security ReviewsIT Enterprise Risk ManagementTravel Estimate~30 to 40% Travel RequiredJob ScopeInternal Interactions (within the organization)Functional TeamsExternal Interactions (outside the organization)External AuditorsGeographical ScopeGlobalFinancial Accountability (cost/revenue with exclusive authority)NoneJob RequirementsEducational QualificationBTech / BS / BE / BScMBA (IT / CS) / MSc / ME / MS / MCACertified Information System AuditorCertified Information Security ManagerSpecific CertificationThe Certified Information Systems Security ProfessionalISO/IEC 27001 CertificationData Privacy CertificationSkillsHigh on integrityGood verbal and written communication skills, Ability to confidently present audit observations and point of view effectively across all levels of management and staff.Relationship ManagementInter-Personal SkillExperienceAt least 3-5 Years of Relevant Experience preferably in Manufacturing / Pharmaceuticals IndustryPrior Experience in:BFSI/Manufacturing companiesBig 4Mid-size CA firms like BDO, Aneja, M&A, RSM etc.