Consultant | Risk and Control Testing | Pune | Cyber Strategy & Transformation
Deloitte
2 - 5 years
Pune
Posted: 30/04/2025
Job Description
Project Role: Risk & Control Testing / Assurance

Responsibilities include:
This role conducts independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology and information security (IT/IS) system to determine the overall effectiveness of the controls. Role includes and is not limited to:
- SOX, Cloud, Data Management IT/IS controls

Testing and Assurance
- Design and execute controls testing strategies to evaluate the design adequacy and operating effectiveness of controls.

Testing Approach Review and Process Documentation
- Develop methods to monitor and measure risk, compliance, and assurance efforts.
- Create test plans, test scripts, etc. to support the delivery of controls assurance objectives.
- Prepare detailed testing documentation, workpapers and reports to highlight findings and recommendations.
- Collaborate with various departments for control walkthroughs, sampling, evidence collection, etc.
- Maintain up-to-date knowledge of industry standards and best practices related to controls testing.
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Review the existing risk control testing approach and methodology used by the client to identify areas for improvement based on IT risk & control frameworks and industry good practices.
- Develop templates to facilitate the control testing and the documentation and reporting of the control testing outputs in line with the refined control testing approach and methodology.
- Liaise with designated stakeholders to identify the prioritised set of controls and document repeatable test scripts for testing design effectiveness (DE) and operational effectiveness (OE) of prioritised IT and IS controls.

Qualifications
- Bachelor's degree (or equivalent experience) with minimum 2-5 years of experience in IT risk and control testing, risk and compliance. Preferably with global banking clients.
- ISO 27001, CRISC or CISA certification mandatory; CISSP certification desirable
- Information Systems/Network Security
- Understanding of NIST, ISO, COBIT or equivalent cyber security framework.
- Information Technology Assessment and Risk Management
About Company
Deloitte is a global professional services firm that provides a wide range of services, including audit and assurance, consulting, tax, risk management, and financial advisory. With a presence in over 150 countries and a network of member firms, Deloitte serves clients across various industries, helping them solve complex business challenges, improve operations, and innovate. Known for its expertise in management consulting, technology solutions, and strategy, Deloitte is one of the Big Four accounting firms and is recognized for its commitment to quality, integrity, and making an impact in the marketplace.