Intern - Technology Risk Advisory

Position summary

• This is a great opportunity to join our Technology Risk Advisory Team which provides a wide range of technology risk services related to Data Privacy and Cybersecurity, SOX/ICFR, Service Organization Control (SOC) Reporting, ERP Implementation Assurance, and IT Audit. • As an Intern, the individual gets experience in various Technology Risk domains such as: governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy, and data protection. • This role also includes working alongside with our global teams to help clients in reviewing architecture and controls from data privacy and cybersecurity perspective and in providing advisory to mitigate the identified risks whilst simultaneously gaining skills to develop a career in a fast-growing professional services organization while ensuring exceptional client service, quality, and delivery.

Primary responsibilities

• Execute activities related to the assessing, designing, and implementation new IT risk and control frameworks, including Data Privacy and Cybersecurity Framework, sustainable solutions (including applying knowledge of governance, risk, and compliance tools), operating processes, and people models to address key and evolving risks, as necessary • Perform the test of design, operating effectiveness, accuracy, and completeness of • Information Security Controls for Data Privacy and Cybersecurity per the applicable standards (OWASP TOP 10, CIS, CIA Triad, TCP, COSO/COBIT, ISO 27000, NIST CSF, PCI DSS, HITRUST, MITRE, and/or GDPR), and • IT General Control, IT Application Controls (Configurable, Non-configurable), Interfaces, IPEs, and Data Migration in ERP Platform for the support of financial statement audits per the SOX/ICFR, SSAE 18, risk based internal audit, ERP Implementation, and/or as part of the integrated audit per any other applicable statute • Perform penetration testing, application testing, and security code review • Prepare the process narrative, process flowchart, policy and procedure document, risk control matrix (RCM), and the assurance task for the testing.

• Document testing workpapers in accordance with common industry practice for the client engagements • Prepare comprehensive executive summaries and final reports for delivery to the stakeholder.

Qualifications, skills, and experience

• Pursuing/Qualified relevant professional qualifications such as CA/ CPA/MBA/ B.S./ B.E./ B. Tech/M.Tech/ MCA/ MS/ BCA • Industry certifications such as CISA, CSFA, CISM, CISSP or CRISC (or similar) will be advantageous • Familiarity with industry standards and frameworks such as OWASP TOP 10, CIS, CIA Triad, TCP, COSO/COBIT, ISO 27000, NIST CSF, PCI DSS, HITRUST, MITRE, and/or GDPR etc. • Scripting language understanding is an advantage (NcML, Python, SQL, Bash, PowerShell, etc.) • Strong communication skills and ability to draft comprehensive report stating about the findings and recommendations to the clients and senior management team