Senior IT / Security Auditor – Virtusa (Pvt.) Ltd

Position Summary
The Senior IT/Security Auditor is responsible for assisting in the execution of the worldwide IT audit program.

This position is responsible for helping to achieve initial and ongoing compliance with the Sarbanes-Oxley Act of 2002, information security, and information technology audits, as well as special projects on an ad hoc basis. The Senior IT Auditor will serve as an advisor to management, recommending improvement of internal controls designed to safeguard the Company’s assets, and for continuous improvement of operating efficiencies.

The Senior IT Auditor will report to the IT Audit Manager.

Ø 3-5 years’ experience in IT and/or security audit or related experience
Ø Big Four experience preferred
Ø A Bachelor’s degree in information technology discipline
Ø CISSP most preferred (or CISA accepted)
Ø Expertise in security audits preferred
Ø Experience spanning risk assessment, documentation, testing, and remediation in Information Technology General controls
Ø Excellent organizational and project management skills, ability to juggle several project and priorities simultaneously
Ø Strong leadership skills that foster positive and productive working relations with management across the company
Ø Excellent (English) communication skills, both oral and written, with a proven ability to communicate effectively with management
Ø Strong customer service orientation and collaborative teaming skills combined with the highest quality assurance standards
Ø Self-motivated with strong sense of personal accountability
Ø Detail, process and metrics driven to achieve goals
Ø Flexibility to conduct domestic and international business travel, as required

General responsibilities:
Ø Assist in executing a comprehensive audit program for the worldwide evaluation of management controls, with a strong emphasis on IT risk, security risks, and controls
Ø Examine the effectiveness of all levels of management in their stewardship of Company resources and their compliance with established policies and procedures
Ø Recommend improvement of management and internal controls designed to safeguard Company resources, promote Company growth and ensure compliance with the Sarbanes-Oxley Act requirements
Ø Review procedures and records for their adequacy to accomplish intended objectives and appraise policies and plans relating to the activity, function, or application under audit review
Ø Assist the IT Audit Manager to develop an audit plan that maximizes the productivity of the Company’s audit expenditures
Ø Evaluate the adequacy of the response to internal and external audit reports to ensure that a satisfactory disposition is achieved
Ø Provide operational advice, counsel and service throughout the Company, with a strong emphasis on IT activities including IT security
Ø Document procedures to ensure that all work performed is properly evidenced
Ø Keep the IT Audit Manager and Audit Director informed of ongoing activity with regard to the status and results of Sarbanes-Oxley compliance efforts, as well as operational, IT and security audits
Ø Report audit findings in a concise, understandable manner that assists in the resolution of problems and highlights matters requiring immediate attention
Ø Help ensure that the Internal Audit Department adheres to the “Standards of Professional Practice in Internal Auditing” published by the Institute of Internal Auditors

Security Responsibilities:
Ø Provide security expertise for the IT Audit Team
Ø Advise the IT Audit Manager on industry security risks
Ø Advise internal Management on security risks, controls, and recommendations
Ø Assist the IT Audit Manager to prepare the annual Audit Plan with due consideration for security

Sarbanes-Oxley responsibilities:
Ø Help administer the process of maintaining and assessing IT procedures and internal controls as required by Section 404 of the Sarbanes-Oxley Act.

Ø Working with the company’s IT teams, consultants, and IA staff, accountable for:
o Continuous monitoring, development, enhancement, and maintenance of relevant processes, process and application owners, control matrices and narratives for all significant locations and business units.
o Development and maintenance of audit programs to test the effectiveness of internal controls, the performance of testing and review and interpretation of test results.
o Documentation of compliance testing results and evaluation of control effectiveness.
o Identification of corrective actions required and the tracking of remediation activities to ensure internal control issues are resolved on a timely basis.

Ø Provide Internal Audit leadership with progress against action plans to ensure appropriate corrective action is implemented on a timely basis for all Sarbanes-Oxley remediation items, Audit Management Letter Comments, Audit Committee and management recommendations.
Ø Enhance Company’s Sarbanes-Oxley process by assisting to:
o Establish requirements and drive documentation of policies and procedures covering the Company’s compliance with Section 404 of the Sarbanes-Oxley Act
o Share best practices among regions and highlight potential process improvements and efficiencies.