Risk & Compliance - Risk and Compliance Representative

Job Title: Risk & Compliance - Risk and Compliance Representative

Location:Chennai

Experience: 10-12Years

10+ years of expereience with 5+ years in Audit / Compliance

Experienced in conducting IT audits that includes conducting and leading IT audits, risk assessments, and compliance reviews with a focus on IT controls.

2. A solid understanding of information technology systems, infrastructure, and security is crucial. This includes knowledge of network architecture, operating systems, databases, cloud computing, cybersecurity principles, and IT governance frameworks (e.g., COBIT, ITIL).

3. Experience in performing risk assessments, identifying IT risks, and developing risk mitigation strategies is essential.This role should have a solid understanding of risk management principles and be able to apply them to IT audit processes effectively.

4. Excellent communication skills are necessary to effectively communicate complex technical concepts to non-technical stakeholders, including senior management and executives. The IT Auditor should be able to articulate audit findings, risks, and recommendations clearly and concisely in both written reports and verbal presentations.

5. Strong analytical and critical-thinking abilities are essential for analyzing complex IT systems, identifying control weaknesses, and assessing potential risks. The IT Audit Manager should be skilled in using data analysis techniques and tools to draw insights from large volumes of IT data.

6. Keeping up-to-date with emerging technologies, industry trends, and regulatory changes is crucial for an IT Audit Manager.

7. The IT Auditor must maintain the highest standards of professional ethics and integrity. They should adhere to auditing standards and confidentiality requirements, handle sensitive information with care, and maintain impartiality and objectivity throughout the audit process.

Key Responsibilities

1. Prioritize controls and assist in Audit Planning

2. Perform compliance reviews, enterprise security audits( both application and infrastructure) which involves

a. Verify IT General, application and cyber security controls to ensure effective delivery of functional processes

within operations to mitigate risks.

b. Verify technology risk management processes, application development and deployment processes,

database management, vendor management, etc.,

c. Publish reports with actions and provide closure guidance as needed

3. Prepare high quality audit planning memo and Risk Control Matrix (RCM), workpaper documentation, manage discussion with stakeholders.

4. Apply guidance from enterprise policies and procedures and control testing industry best practices in workpaper documentation and effective challenge

5. Lead walkthroughs with control owners/1st LOD testers to obtain a sufficient understanding of the design effectiveness and operating effectiveness of the control.

6. Design and execute testing procedures to evaluate the effectiveness of controls related to technology risks.

7. Responsible to identify control gaps and communicate findings and control redesign recommendations to Management/Clients.

8. Prepare Dashboards and reports as directed by the delivery lead on time.