Assurance Specialist

Skills:

- Access Lo information systems audit tools is protected to prevent any possible misuse or compromise

- Audit and compliance policies and procedures are implemented to detect possible violations to information security policies and standards

- Internal audit and compliance activities are carried out by designated personnel within the area of responsibility (e.g., self-assessments) to verify that information systems are compliant with applicable security implementation standards. Also, he should report any kind of gaps and provide a road map to mitigate overcome it

- Periodic review of performance is done against define KPI's and targets. Any deviations should be reported. The underlying causes should be identified and when required a root cause analysis across deviations should be performed

- Carry out periodic information security assessment of SAB IT Infrastructure and applications including vulnerability assessment, secure code review and web application assessment

- Audit requirements and activities involving checks on operational systems are carefully planned and communicated to minimize the risk of disruptions to business processes

- Controls are in place ensuring audit activities are executed with minimal risk of disruptions to business processes and production systems

- Develop and implement secure coding lifecycle procedure

- implementation of SSQA

Qualification:

- 5+ years of experience in Information Security audit and risk management

- Expert knowledge of information security audit methods

- Working knowledge and understanding of security standards and frameworks such as NIA, QCSF, IS0 27001, COBIT

- Working knowledge Software Security and Quality Assurance SSQA 2.0

- Demonstrates extensive abilities while performing information audits

- Working knowledge of periodic security performance monitoring and reporting

- Experience carrying out audits and assessments of technology infrastructure