- Control self-assessment methodology for the organization's integrated control framework.
- Review the control testing responses and evidence submitted by control owners and engage for process walkthroughs and clarifications if any.
- Document the observations/findings and publish internal control testing status to the executive committee.
- Perform analysis of revisions/updates to regulatory requirements and identify gaps in the current organization control framework.
- Engage with the client/vendors/partners to enhance the control testing and remediation workflow.
- Track and manage remediations with delegated entities until closure.
- Participate in risk management discussions to identify solution risks and strategies to mitigate them.
- Maintain risk register and engage business owners for risk acceptance if any.
- Review audit findings with peer auditors and prepare an executive summary.
- Conduct vendor risk assessments as per standards: ISO 27001:2013, ISO 31000, NIST, PCI DSS.
- Conduct security audits, identify the gaps, document the gap assessment report and submit the report to management.
- Knowledge in vulnerability management and incident management.
- ITGC control testing.
- Collect the evidence and share it with the auditors.
Information Security Skills
- Must have a strong background in information technology with a clear understanding of the challenges of information security.
- Good understanding of ISO 27001 / NIST / CIS framework implementation and maintenance mechanisms.
- Security threat analysis and corresponding risk mitigations.
- Business continuity management / disaster recovery.
- Good knowledge of AWS cloud.
- Understanding of data protection and privacy regulations such as the DPA and GDPR.