IN-Manager _ Control Testing _Internal audit services_ Advisory _Pune
PWC
5 - 10 years
Pune
Posted: 22/11/2024
Job Description
Line of Service
Advisory
Industry/Sector
Not Applicable
Specialism
Risk
Management Level
Manager
Job Description & Summary
A career in our Financial Services Analytics practice, within Risk Assurance Compliance and Analytics services, will provide you with the opportunity to assist clients in developing analytics and technology solutions that help them detect, monitor, and predict risk. Using advanced technology, we’re able to focus on establishing the right controls, processes and structures for our clients to ensure that decisions are based on accurate information and assure that information provided to third parties is accurate, complete, and can be trusted.
Our team helps business leaders use data-driven analytics to increase growth and profitability, lower costs to improve efficiencies, drive digital transformation, and support risk and regulatory compliance priorities. We focus on financial risk modelling, risk analytics, customer analytics, data analytics strategy and organisation, and data analytics technology.
Job Description & Summary: A career within Cybersecurity and Privacy services will provide you with the opportunity to help our clients implement an effective cybersecurity program that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organizations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detecting, responding to, and remediating threats.
Responsibilities:
• Have a good understanding of the Bank Risk & control framework and the underlying concepts on Risk Management
• Assist in performing the monitoring review that augments the principles defined as per risk and control assessment methodology.
• Participate in Control & Monitoring Design Assessment meetings, understand the monitoring steps and correlate them with the controls.
• Monitor the compliance of controls as appropriate to the regulatory requirement. This will mostly (predominantly) be in Medium to High complexity reviews with an Inherent Risk rating of 1 or 2.
• Collaborate with onshore and offshore teams in gathering the necessary evidence required to perform the testing. Escalate any control failures.
• Timely submission of results in the Bank Risk Control system
• Assisting in the creation and maintenance of reports for control tracking and analysis
• Identify risks across the business and organize cross-functional solutions.
• Additional duties as assigned.
- Graduation in EC or CS or IT or Information Security or Cyber Security or MCA.
- Working experience as a Penetration Testing Expert for 5 years
- Hands-on experience with security testing frameworks such as PTES, OWASP, OSSTMM and SANS.
- In-depth knowledge of application development processes and at least one programming and one scripting language (e.g., Java, Scala, C#, JavaScript, Angular, ReactJs, Ruby, Perl, Python, Shell).
- Knowledge of OS security (Windows, Unix/Linux systems, Mac OS, VMware), network security and cloud security.
- Hands-on experience with Burp Suite, Nessus, Checkmarx, Acunetix, Kali Linux and other penetration testing tools.
- Knowledge of Threat Modelling, Source Code Reviews, Secure Architecture Reviews
- One of the following certifications is mandatory (preferably OSCP): OSWE / OSCP / OSCE / eJPT / CPENT (EC-Council) / LPT (Licensed Penetration Tester, EC-Council) / GPEN (GIAC Penetration Tester) / GWAPT (GIAC Web Application Penetration Tester)
High Level Responsibilities:
- Security testing of mobile applications, web applications, APIs etc.
- Perform SAST, DAST & VAPT with new standards from time to time. Review that sufficient security controls are in place as per, but not limited to, client's policy, industry best practice/process and regulatory requirements.
- Identify the individual application security risk portfolio / threats. Gaps identified, along with recommendations, are to be submitted in customized reports as requested by the client.
- Review of API/middleware/SFTP etc. interfaces between applications.
- Develop/Review Baseline document for OS/Application Security/ API.
- Review the security architecture of various applications deployed/to be deployed (including cloud based) and assess risk associated and suggest mitigation & resolution.
- Evaluation/Security Assessment of open-source applications.
- Vetting of Network and data flow Diagrams, with respect to security aspect, for new applications, in co-ordination with the vendors and clients.
- Review application architecture, data flow diagram, network diagram, database configuration, crypto standards.
- Perform Application threat modeling.
- Gap assessment of the Cloud applications, solutions, platforms, process to fill the gaps.
Education:
- Minimum Qualification: BE/BTech/MBA/MTech/MCA/ME. Postgraduates in any stream would be preferred (not mandatory)
Mandatory skill sets:
Control Testing
Preferred skill sets:
Internal Audits
Years of experience required:
8+ Years
Education qualification:
BE, B.Tech, ME, M.Tech, MCA (non-mechanical)
Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required: Bachelor of Commerce, Bachelor of Engineering, Master of Business Administration
Degrees/Field of Study preferred:
Certifications (if blank, certifications not specified)
Required Skills
Controls Testing
Optional Skills
Desired Languages (If blank, desired languages not specified)
Travel Requirements
Not Specified
Available for Work Visa Sponsorship?
No
Government Clearance Required?
No
Job Posting End Date
About Company
PricewaterhouseCoopers (PwC) is a global professional services firm providing audit, tax, and consulting services. PwC helps organizations manage financial risks, comply with regulations, and improve performance through its expertise in industries like finance, healthcare, and technology.