Job Information
WTW Control Resiliency Assessor in Mumbai, India
Job Summary
Control Resiliency team is a part of Global Strategy Governance, Risk & Compliance vertical. Current role will support the delivery of projects related control testing in the areas of Information & Cyber Security, Technology, Infrastructure etc. Conducting design adequacy and operating effectiveness testing of on-prem and cloud controls associated with different audit regimes such as SOx 404, SOC2, SSAE18, ISO 27001, CCPA, NYDFS etc. The role demands extensive knowledge in ITGC & Cybersecurity audits along with good communication skills (both verbally and in writing), and excellent stakeholder management abilities.
Experience Band 3-5 yrs.
Responsibilities & Duties
Perform controls (On-prem & Cloud) including assessment of Control design Adequacy & Control Operating effectiveness
Demonstrable knowledge on different audit regimes such as SOx 404, SOC2, SSAE18, ISO 27001 etc
Establishing and operating processes and procedures for control testing.
Excellent executional skills with respect to control testing
Reporting and tracking on prem and cloud control gaps as well as ineffective or inadequate controls
Identify opportunities and recommendations to improve the design and implementation of controls
Support control owners in the design and maintenance of controls and documentation
Undertaking such other tasks and responsibilities as assigned by Manager
Keep yourself up-to date with latest IS regulations and standards
Technical Skills:
Need to have Skill Proficiency
Basics of IT Auditing and IT Risk concepts
Knowledge of Sox, SOC & other IT and Privacy related standards
Understanding of Active Directory, Privileged Access Management Controls.
Understanding of RCMs and Audit Documentations
Technical Skills :
Nice to have:
Cloud Security & Cloud Control Testing
Knowledge of Risk management tools, methodologies and practices
Experience in testing OS and DB controls
Knowledge of SIEM, PAM & Discovery Tools.
Qualified to degree level, preferably in a business, IT or security related subject