WHO ARE WE?
Afiniti is the world’s leading applied artificial intelligence and advanced analytics provider. Afiniti Enterprise Behavioral Pairing™ uses artificial intelligence to identify subtle and valuable patterns of human interaction in order to pair individuals on the basis of behavior, leading to more successful interactions and measurable increases in enterprise profitability.
Afiniti operates throughout the world and has measurably driven billions of dollars in incremental value for our clients. Key Responsibilities
Develop a good understanding of Afiniti business processes, Afiniti application and deployment process.
Responsible for due care and due diligence audits for Afiniti.
Responsible for end-to-end audits related to (Privileged) Identity and Access Management.
Schedules and plans audits; initiates project planning, assess risk, and develops audit direction.
Reporting on compliance findings (and associated remediation tasks)
Tracking remediation items
Participates in development, implementation, and maintenance of policies, objectives, short-and long-range planning; develops and implements projects and programs to assist in the accomplishment of established goals.
Support in third-party IS assessment process for Afiniti. Conduct internal IS audit for customer deployment before the initiation of customer IS audit.
Performing regular Access Reviews (audits)
Highlighting contractual requirements for different business units of Afiniti. Understanding of ISO 27001, SOC2, ITGC, and PCI DSS standards.
Supporting GRC team in policy modification, procedure development of ISO 27001, SOC2, ITGC, PCI DSS, and internal security baselines as per emerging business requirements.
Participation in awareness session, developing awareness for different internal teams on security requirement for evidence gathering on audits.
Experience and Skill Set
5-8 years of IS experience and 3-4 of IT Auditing experience
Ability to develop a good understanding of Afiniti business processes, Afiniti application and deployment process
Clear, complete and thorough understanding of ISO 27001, NIST, PCI DSS standards and other applicable standards / regulations
Developing and documenting the policies, procedures, standards, guidelines, SOPs, checklists, plans, templates, etc.
Proven experience in risk management and a strong knowledge of different risk management standards and different best practices
Updating knowledge about emerging industry or technology trends
Liaison with the external auditors and third-party InfoSec assessors
Conduct and assist in internal IS audit for internal audits of different departments
Recommend solutions to mitigate risks
Coordinating and remediating audit findings along with other personnel or departments
Education & Qualifications
Bachelor of Engineering (or higher) in Computer Sciences or related disciplines
Professional security certifications (CISSP, CRISC, CIA, or CISA) (preferably)
SALARY AND PACKAGE
As well as a competitive base salary dependent on the number of years of experience, we also offer corporate benefits.