PitchMeAI
S&P Global

IT Lead, Internal Audit

S&P Global · Bengaluru, Karnataka, India

  • On site
  • Full-time
  • $120,000 / year

Job highlights

  • Lead global technology audits for S&P Global.
  • Focus on application security and information security.
  • Utilize AI and data analytics for audit improvements.
  • Manage audit plan development and execution.
  • Collaborate with senior management and stakeholders.

About the role

Grade Level (for internal use): 10

The Team

S&P Global is a leader in credit ratings, benchmarks and analytics for the global capital and commodity markets. Reporting to the Audit Director, you will be part of a global and diverse Audit team with coverage for enterprise-wide Applications. The S&P Global Internal Audit function is a global team with auditors located in the U.S., London, India, Tokyo, & Taiwan. The Divisional Technology Audit team is a critical unit of the global audit function and performs audits focusing on S&P Global Technologies (IT Applications and Information Security).

The Impact

This role will be part of the IT Application audit team, focusing on audit plan management and execution of Technology audits globally. This role will provide you with a companywide perspective of the state of the internal technology environment and act in a trusted advisory capacity.

What’s In It For You

This role provides extraordinary learning opportunities and interacts with senior management across the Company. If you’re right for this role, you will interact, meet and work with several key stakeholders in interesting and meaningful engagements. You’ll love this job because it provides new opportunities for professional growth daily. You will leverage cutting edge digital next generation capabilities, including AI and data analytics practices to improve the audit activities. This role will be primarily accountable for S&P Global annual audit plan development and internal audits execution (planning, fieldwork and reporting phases). You will be responsible for performing annual and on-going risk assessment activities focused on Applications, Information and Cyber Security and the associated risks for S&P Global worldwide. The incumbent will be expected to conduct an independent audit and work effectively with members of the Audit Leadership team.

Responsibilities

  • Lead application security audits, ensuring the efficient and timely execution of the approved Audit Plan.
  • Conduct comprehensive security audits, including penetration testing, to identify vulnerabilities across applications, infrastructure, databases, operating systems, and cloud environments.
  • Execute end-to-end audits in alignment with the annual audit plan, ensuring timely completion.
  • Review audit outcomes and results, collaborating with key auditees to agree on remedial action plans and facilitate smooth audit processes.
  • Leverage data analytics and automation to enhance the efficiency and quality of audit execution.
  • Collaborate with key stakeholders within the divisional technology functions to enhance audit effectiveness.
  • Stay informed about best practices in information security audits to ensure continuous improvement.
  • Keep abreast of emerging security threats, trends, and technologies to enhance security posture and refine internal audit processes.

What We’re Looking For

  • 5+ years of experience handling several technology audits including web applications. Experience with a Big 4 firm would be an advantage.
  • Experience in conducting penetration testing using tools such as Burp Suite, Metasploit, Nmap, Nessus, etc.
  • Exposure to Python programming and awareness of generative AI technologies.
  • Knowledge of risk management frameworks and proficiency in in-depth application security, including configurations.
  • Strong knowledge of cloud security and best practices for cloud penetration testing.
  • Familiarity with data analytics tools such as Alteryx, Power BI, and Tableau is an advantage.
  • Excellent report writing skills.
  • Strong written and oral communication, approachable style, and well-developed negotiation and listening skills.
  • Demonstrated strong work ethic, initiative, teamwork, and flexibility in meeting department goals.
  • Excellent team collaboration skills to deliver results, innovate and strive for excellence.

Basic Qualifications

A Bachelor's or Master's degree in information technology, computer science, or a related major.

Preferred Qualifications

Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), CEH, Red Team, or equivalent.

Key skills/competency

  • IT Audit
  • Application Security
  • Penetration Testing
  • Information Security
  • Risk Management
  • Cloud Security
  • Data Analytics
  • Python
  • AI
  • CISA

Skills & topics

  • IT Audit
  • Application Security
  • Penetration Testing
  • Information Security
  • Risk Management
  • Cloud Security
  • Data Analytics
  • Python
  • AI
  • CISA
  • Technology Audit
  • Cyber Security
  • IT Governance
  • Audit Lead
  • Internal Audit

How to get hired

  • Tailor your resume: Highlight your 5+ years of technology audit experience, penetration testing skills, and knowledge of risk management frameworks.
  • Showcase technical skills: Emphasize your proficiency with tools like Burp Suite, Metasploit, Nmap, Nessus, and any exposure to Python or AI.
  • Demonstrate communication: Prepare to discuss your strong written and oral communication, negotiation, and listening skills.
  • Highlight collaboration: Be ready to share examples of your teamwork, initiative, and ability to work effectively with stakeholders.
  • Prepare for technical questions: Familiarize yourself with cloud security best practices and common application security configurations.

Technical preparation

  • Master penetration testing tools: Burp Suite, Metasploit, Nmap, Nessus.
  • Practice application security configuration reviews.
  • Understand cloud security best practices.
  • Familiarize yourself with Python and AI in audits.

Behavioral questions

  • Describe a complex audit you led.
  • How do you handle disagreements with stakeholders?
  • Share an experience of using data analytics.
  • How do you stay updated on security trends?

Frequently asked questions

What are the key technical skills required for the IT Lead, Internal Audit role at S&P Global?
For the IT Lead, Internal Audit position at S&P Global, key technical skills include 5+ years of experience in technology audits, specifically web applications. Proficiency in penetration testing tools like Burp Suite, Metasploit, Nmap, and Nessus is essential. Experience with Python programming, awareness of generative AI, knowledge of risk management frameworks, and strong application security configuration skills are also important. Familiarity with cloud security and best practices for cloud penetration testing is also a requirement.
Does S&P Global prefer candidates with specific certifications for the IT Lead, Internal Audit position?
Yes, S&P Global has preferred qualifications for the IT Lead, Internal Audit role. While a Bachelor's or Master's degree in information technology or computer science is the basic requirement, certifications like Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Red Team certifications are highly advantageous.
What kind of data analytics tools are beneficial for the IT Lead, Internal Audit role at S&P Global?
Familiarity with data analytics tools is an advantage for the IT Lead, Internal Audit role at S&P Global. Specifically, experience with tools such as Alteryx, Power BI, and Tableau can enhance your application, as these tools are leveraged to improve the efficiency and quality of audit execution.
How important is experience with a Big 4 firm for the IT Lead, Internal Audit job at S&P Global?
While not a strict requirement, experience with a Big 4 firm is considered an advantage for the IT Lead, Internal Audit position at S&P Global. It suggests a strong foundation in audit methodologies and exposure to a wide range of complex environments, which can be valuable in this role.
What is the expected educational background for the IT Lead, Internal Audit position at S&P Global?
The basic qualification for the IT Lead, Internal Audit position at S&P Global is a Bachelor's or Master's degree in Information Technology, Computer Science, or a related major. This foundational education is important for understanding the technical aspects of the role.
How does S&P Global leverage AI and data analytics in its Internal Audit function for this role?
S&P Global aims to leverage cutting-edge digital capabilities, including AI and data analytics practices, to improve its audit activities. For the IT Lead, Internal Audit role, this means utilizing these technologies to enhance the efficiency and quality of audit execution, identify vulnerabilities, and refine internal audit processes.
What are the primary responsibilities of the IT Lead, Internal Audit at S&P Global?
The primary responsibilities for the IT Lead, Internal Audit at S&P Global include leading application security audits, conducting comprehensive security audits (including penetration testing), executing end-to-end audits, reviewing outcomes with auditees, leveraging data analytics and automation, and staying informed about emerging security threats and best practices.