IN-Manager _ Control Testing _Internal audit services_ Advisory _Pune

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Risk

Management Level

Manager

Job Description & Summary

A career in our Financial Services Analytics practice, within Risk Assurance Compliance and Analytics services, will provide you with the opportunity to assist clients in developing analytics and technology solutions that help them detect, monitor, and predict risk. Using advanced technology, we’re able to focus on establishing the right controls, processes and structures for our clients to ensure that decisions are based on accurate information and assure that information provided to third parties is accurate, complete, and can be trusted.

Our team helps business leaders use data driven analytics to increase growth and profitability, lower costs to improve efficiencies, drive digital transformation, and support risk and regulatory compliance priorities. We focus on financial risk modelling, risk analytics, customer analytics, data analytics strategy and organisation, and data analytics technology.

Job Description & Summary: A career within Cybersecurity and Privacy services, will
provide you with the opportunity to help our clients implement an effective cybersecurity
program that protects against threats, propels transformation, and drives growth. As
companies pivot toward a digital business model, exponentially more data is generated and
shared among organizations, partners and customers. We play an integral role in helping our
clients ensure they are protected by developing transformation strategies focused on security,
efficiently integrate and manage new or existing technology systems to deliver continuous
operational improvements and increase their cybersecurity investment, and detect, respond,
and remediate threats
 

Responsibilities:

• Have a good understanding of the Bank Risk & control framework and the underlying concepts on Risk Management
• Assist in performing the monitoring review that augments the principles defined as per risk and control assessment methodology.
• Involve in Control & Monitoring Design
Assessment meetings and understand the monitoring steps and correlate with the controls.
• Monitor the compliance of control as appropriate to the regulatory requirement. This could be mostly in the Medium to High complex reviews with an Inherent Risk rating of 1 or 2 (predominantly)
• Collaborating with onshore and offshore teams in gathering the necessary
evidence required to perform the testing. Escalate any control failures.
• Timely submission of results in the Bank Risk Control system
• Assisting in the creation and maintenance of reports for control tracking and analysis
• Identify risks across the business and organize cross-functional solutions.

• Additional duties as assigned.

• Graduation in EC or CS or IT or Information Security or Cyber Security or MCA.
• Working experience as a Penetration Testing Expert for 5 year(s)
• Hands on experience with security testing frameworks such as the PTES, OWASP, OSSTMM, SANS.
• In-depth knowledge of application development processes and at least one programming and one scripting language (e.g., Java, Scala, C#, JavaScript, Angular, ReactJs, Ruby, Perl, Python, Shell).
• Knowledge on OS security (Windows, Unix/Linux systems, Mac OS, VMware), network security and cloud security.
• Hands on experience in BurpSuite, Nessus, Checkmarx, Acunetix and Kali Linux penetration testing tools etc.
• Knowledge on Threat Modelling, Source Code Reviews, Secure Architecture Reviews 
• One of the certifications – OSWE/OSCP/OSCE/eJPT/CPENT- ECCouncil /LPT(Licensed Penetration Tester-ECCouncil)/GPEN(GIAC Penetration Tester)/ GWAPT(GIAC Web Application Penetration Tester) is mandatory (preferably OSCP)

High Level Responsibilities:

• Security testing of mobile applications, web applications, APIs etc.
• Perform SAST, DAST & VAPT with new standards from time to time. Review sufficient security controls are in place as per, but not limited to, client's policy, industry best practice/process and regulatory requirements.
• Identify the Individual Application security risk portfolio / threats. Gaps identified along with recommendations to be submitted in Customized reports as requested by client.
• Review of API/middleware/SFTP etc. interfaces between applications.
• Develop/Review Baseline document for OS/Application Security/ API.
• Review the security architecture of various applications deployed/to be deployed (including cloud based) and assess risk associated and suggest mitigation & resolution.
• Evaluation/Security Assessment of open-source applications.
• Vetting of Network and data flow Diagrams, with respect to security aspect, for new applications, in co-ordination with the vendors and clients.
• Review application architecture, data flow diagram, network diagram, database configuration, crypto standards.
• Perform Application threat modeling.
• Gap assessment of the Cloud applications, solutions, platforms, process to fill the gaps.

Education:

• Minimum Qualification: BE/ BTech/MBA/Mtech/MCA / ME Postgraduates in any stream would be preferred (not mandatory)

Mandatory skill sets:

Control Testing

Preferred skill sets:

 Internal Audits

Years of experience required:

8+ Years

Education qualification:

BE, B.tech, ME, M.tech, MCA, (non mechanical)

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Bachelor of Commerce, Bachelor of Engineering, Master of Business Administration

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Controls Testing

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No

Job Posting End Date