SOX (Sarbanes-Oxley) Compliance Experts For 1 Of Top 5 Indian IT Cos Job in AJAX Consulting
- Mumbai, Maharashtra
- Not Disclosed
- Permanent
- Full-time
My client would like to hire several SOX (Sarbanes-Oxley) compliance experts to be based at their Mumbai offshore IT center.

The IDEAL applicant:
- Will be an experienced expert on SOX compliance.
- May additionally have done CISSP, BS 7799 and other similar audits.
- Will be a BSc/BE/BTech/MS/MTech/MSc/MCA.
- Will have 4 to 8 years of overall experience.

A sample of the kind of resume which we would ideally like to get from you is pasted at the bottom of this email.

Now, if you would like to explore this option, please compose an email to SHARAD@AJAXCONSULTING.BIZ and type SOX Sarbanes-Oxley in the subject of the email. Please attach your resume as an MS Word file after checking that it contains the following:
- At least 2 of your personal email ids
- All the phone numbers where you can be easily interviewed
- Your complete residence address (where couriers get delivered)
- Your date of birth

And then, of course, hit the send button.
Minimum Requirements
ABC has over eight years of consulting experience in Information Assurance across various domains such as Government, Banking, Call Centers, Telecom, Application Service Providers and ISPs. He is a CISSP and BS7799 Certified Lead Auditor and Implementer. He has excellent knowledge and experience of Information Systems Audit, Internal Controls Audit, Information Systems Process Audit, SOx compliance audits, Risk Management, Building and implementation of Information Security Policies based on the BS 7799/ISO17799 standards, ISO/TR 13335 (GMITS), COBIT, NIST standards and guidelines, computer security incident response planning, Business Continuity Planning, Disaster Recovery Planning, Risk Assessment and Monitoring tools including CRAMM, COBRA and ASSET.

EDUCATION and ACCREDITATIONS
Academics:
- Bachelor of Science
Accreditations:
- CISSP - Certified Information System Security Professional
- BS 7799 Lead Auditor, Implementer (BSi)
- Cisco Certified Network Professional - CCNP
- Cisco Certified Network Associate - CCNA
- Microsoft Certified Systems Engineer MCSE, MCP + Internet
- Microsoft Windows Accelerated Exam 70-240 for MCPs
Workshops / Trainings attended:
- IT Audit Best Practices by ICAI, India
- CoBIT Framework - Overview and Application, by ISACA, Chennai, India
- SOX Roadmap to compliance, Sify Ltd.
- SOX Key issues and implications for Audit, Sify Ltd.
- COSO/CoBIT and Internal Control Framework, Sify Ltd.

EMPLOYMENT RECORD

SKILLS
Core Skills:
- Business Process Analysis
- SOx compliance Audits
- BS7799 / ISO 17799 standard based ISMS build
- Risk Assessment and Management based on GMITS, NIST
- Security Policies and Practices design COBIT, BS7799
- Interview and Evidence Gathering and Analysis
- Business Continuity, Disaster Recovery Plans Design and Audit
- Security Architecture Review and Auditing
- Access Control Audit
- Asset and Inventory Management Audit
- Infrastructure Management Operations Audit
- Business Continuity Plan Audit
- Best Practices based auditing COBIT, COSO
Technical Skills:
- Network and OS Level Auditing Skills
- Vulnerability Assessment
- Penetration Testing
- Network Log Analysis
- Application level Auditing
- Automated and Manual Configuration Checks
- Process Mapping

KEY PROJECTS

Project 1: Sarbanes-Oxley Compliance Documentation / Testing
Role: Project / Team Member
Summary: As a project / team member, responsibilities include:
- Document processes, narratives and control matrices for all processes/systems/contracts/locations using ISAAS templates and to ISAAS standards, UK.
- Identify all controls and the Who, What, Why, Where, How and When for each control to enable test scripts to be accurately designed and testing to be planned and performed.
Key contact to assist in:
- Documentation of the process and controls
- Liaising with Global partners like E&Y Tokyo and E&Y TSRS, US
- Performance of Testing and Remediation Approaches
- Subject Matter Expert sign-off
- Project Management

Project 2: Sarbanes-Oxley Compliance Documentation and Testing
Role: Project Member
Summary: As a project member, responsibilities include:
- Document processes, narratives and control matrices for all processes/systems/contracts/locations using internal audit Group templates and to Group standard.
- Identify all controls and the Who, What, Why, Where, How and When for each control to enable test scripts to be accurately designed and testing to be planned and performed.
Key contact to assist in:
- Documentation of the process and controls
- Determination of the testing approach
- Performance of testing and Remediation Approaches
- Subject Matter Expert sign-off
Further:
- Documenting the CoBIT processes and sub-processes, as undertaken within the Bank GIT (flowcharting where applicable)
- Identifying and narrating the control activities Group undertake to meet the CoBIT control objectives related to that process
- Analyzing these against the CoBIT recommendations to highlight any gaps and weaknesses which require remediation (Design Effectiveness testing)
- Completing the required schedules and control matrix with this information
- Substantively testing the controls in the operating environment to determine operational effectiveness
- Re-documenting and retesting of remediated controls

Project 3: Information Security Audit Of A GSM Call Center
Role: Lead Auditor
Summary: The client wanted an independent auditor to conduct a comprehensive audit of their 902 GSM inbound call center. The assessment was done using industry best practices and included the following activities:
- High Level Risk Assessment for Audit Localizing and Planning using CRAMM Express
- Audit Scope finalization and Resource Planning
- Audit of Information Systems including conducting of interviews, evidence gathering and site visits
- Adequacy Audit of Internal Controls (IT)
- Applications Control Testing for Call Center Applications including Contact Management application, call management application, voice recording application, short messaging service application etc.
- Audit result analysis and reporting and Presentation to the Audit Sponsors

Project 4: Information Systems Process Audit
Role: Project Manager
Summary: The engagement involved an adequacy audit of the existing IS policies and procedures to maintain the Confidentiality, Integrity and Availability of the client's information. Responsibilities involved during Phase 1 of the project:
- Understanding the business process and goals of the organization.
- Gap Analysis of existing policies, procedures and IT Internal controls.
- Testing and documenting the existing Application/System General controls.
- Providing the road map for implementing Application/General Controls.

Project 5: SAS 70 Preparedness Review
Role: Auditor
Summary:
Project brief: The client wanted to be prepared for the forthcoming SAS 70 Audit to be conducted by independent auditors. In order to ensure that the ODC has defined and implemented controls to provide its client continual and secure services and is in compliance with AICPA SAS 70 Type 2 requirements, an audit was performed of locations at Hyderabad, India and New Jersey, U.S. The Client is one of the largest General Insurance Companies in the U.S. The controls at Strategic Level, Operational Level, and Monitoring Level were taken into consideration to conduct the audit.
Responsibilities:
- Client Interaction and Audit Plan determination
- IT Process Understanding
- Sampling of Controls
- Evidence Collection
- Compliance and Substantive Testing of Controls

Project 6: Enterprise Risk Assessment and Security Policy, Procedure Design
Role: Project Lead
Summary: The client wanted to define and design enterprise-wide information security policies and procedures in accordance with BS7799/ISO 17799 specifications. As the project lead, was instrumental in the following activities:
- Client interaction and Engagement Scope finalization
- Stakeholder information capture and documents review
- Risk determination
- Assessment of efficacy of existing controls
- Stakeholder review discussion
- Selection of Controls
- Policy Discussion with business managers
- Design of Policy and Procedures
- Policy Discussion facilitation

Project 7: Disaster Recovery Plan Design
Role: Team Member
Summary: The engagement was aimed at development and implementation of a business critical disaster recovery plan and procedures for the organization. As a team member for the project, was actively involved in:
- Scope definition and client interaction
- Risk Assessment
- Extensive Business Process Analysis
- Recovery Plan and Architecture Design
- Recovery Plan discussion and documentation
- Recovery Architecture deployment and testing
- Disaster recovery plan implementation facilitation
- Disaster recovery testing

Project 8: BS 7799 Pre Certification Audit
Role: Project Team Member
Summary: This audit was part of the EAP project in building an Information Security Management System in accordance with the BS 7799:2002 Part Specifications for the client. Post build of the ISMS, EAP wanted an independent auditor to conduct a pre certification audit. The engagement activity included the following:
- Audit Scope Assessment
- Audit of ISMS Scope and Scope Document
- Audit of the Risk Assessment Conducted
- Audit of Risk Treatment Plan
- Audit of Statement of Applicability
- Control effectiveness testing and review
- Audit result analysis and result documentation
- Client Presentation
Qualification: M.Tech, MCA, MS
4 to 8 Years
1 Hire