Providing assurance to the Audit Committee (AC) of Board of Directors (BOD), the CEO & MD and the Senior Management, on control adequacy and effectiveness on Application Controls / Configuration Controls / Business Process Controls / IT Governance / Risk Management for uninterrupted business operations. Executing audits, advisory, and other special projects in accordance with the approved audit plan. Auditor shall undertake reviews of the organization’s IT applications (in the areas of Operations, Finance, HR, New Material Business), processes and controls to protect its intellectual property, using industry standards as a guide, and provide recommendations for improvements.
- Testing for information security audit covering cross-site scripting (XSS), cross-site request forgery, SQL injection flaws, input validation flaws, malicious file execution, insecure direct object references, information leakage and improper error handling, broken authentication and session management, insecure communications, failure to restrict URL access, denial of service, etc.
- Reviewing and documenting the IT application landscape of existing TSL and its group companies to determine control posture w.r.t ISO requirements and industry best practices
- Application Security and Operational Technology Audit including Vulnerability Assessment and Penetration Testing for the IT systems. (Process Control, Manufacturing, Reporting & Business)
- Conducting audit of assigned activities for IT enabled systems as per the approved Annual Audit Plan, including any special audit / project assigned by the respective Group Head. Assisting the respective Group Head in preparing the final report for the process owner for control lapses.
- Identification and categorization of various applications (Process Control, Manufacturing Execution, Business and Reporting) based on criticality and business impact.
- Identifying associated threats, vulnerabilities, risk impacts and mitigation controls for each application.
- Reviewing IT General Controls (Access and Identity Management, Change Management, IT Governance, Information Reliability & Integrity, Data Migration) and Application & Configuration Management for SAP (ERP & S4H), surround systems and emerging technologies.
- Performing configuration audit for all the modules of SAP as per best practices.
- Create security policy and guidelines document for user access management, password policy, data exchange with agencies and vulnerabilities mitigation.
- Identity and access management, security program policies, processes, standards, requirements and procedures and various supporting security technologies.
- Exposure to applicable IT Standards to bring in efficiency through standardization and implementation of established practices.
- Application / Database technologies used to store enterprise information, directory services, financial information, and information systems auditing
- Clear understanding of database tables and data capturing techniques along with interface management
- Audit and assessment methodologies, procedures and best practices that relate to systems and applications
- Knowledge of established controls and control objectives which form an essential part of risk management.
- Standard architecture and design of IT applications covering SAP S4H, Process Control System and other surround systems
Qualification & Experience:
- B.E. / B. Tech / MCA/ M.Sc. with Diploma in Computer Application.
- 4 – 6 years in managing / auditing IT General and Application Controls in accordance with established IT standards for SAP S4H and surround systems covering IT Governance, Risk Management, Access Management, IFC, Configuration Management, Transactional and Business Process controls
- Relevant Experience: 5 Years to 10 Years.
- Experience in IT systems pertaining to Process Control (Level I & II), Plant Maintenance, Production & Reporting (MES), Supply Chain etc.
- Sound knowledge of SAP S4H and surround systems, SAP GRC Access / Process Control module including SOD. Awareness of key IT domains – Cloud Computing, Database Management, SDLC, Data Protection, Emerging Technologies etc.
- Certification in IT standards / SAP / Emerging Technology
- Desirable: Understanding of ISO 27001 / NIST / COBIT framework
Company: Tata Steel
Vacancy Type: Full Time
Job Functions: Other
Job Location: Kolkata, West Bengal, IN
Application Deadline: N/A