Roles & Responsibilities :

Position Overview:

The IT Internal Auditor will be responsible for the execution of risk-based internal audit assignments focused on information systems, technology infrastructure, cybersecurity, and digital processes. This role requires a strong understanding of IT general controls (ITGCs), cybersecurity frameworks, system development practices, and regulatory compliance standards. The IT Internal Auditor will perform fieldwork, document findings, and assist in reporting results to senior management. The role supports the Internal Audit Manager in delivering the IT audit plan and ensuring effective technology risk mitigation and control enhancement across the organization.

Key Responsibilities:

1. Audit Execution:

• Execute IT internal audits in line with the approved audit plan

• Perform audits across infrastructure, applications, data management, and cybersecurity functions.

• Conduct walkthroughs, gather system documentation, assess IT processes, and evaluate the design and operating effectiveness of IT controls.

• Evaluate compliance with company IT policies, cybersecurity protocols, and applicable regulations such as GDPR, DPDP, NIST, ISO 27001, and COBIT.

• Identify weaknesses in IT controls, process inefficiencies, and opportunities for automation or system optimization.

• Perform testing of IT general controls (e.g., access controls, change management, backup & recovery) and application controls.

• Document audit procedures and findings in accordance with internal audit standards.

• Ensure audit working papers are complete, clear, and appropriately support conclusions.

2.

Reporting & Communication:

• Drafting audit observations and IT risk recommendations

• Driving and Monitor remediation progress for audit issues and work with IT and business process owners to ensure timely resolution.

3.

Risk & Control Assessment:

• Support the annual IT risk assessment by analyzing threat trends, technology risks, and control gaps.

• Contribute to the identification of emerging risks including cloud security, third-party risks, and cyber threats.

• Deliver timely reports on IT control weaknesses, system vulnerabilities, and non-compliance with frameworks.

• Participate in control self-assessment (CSA) reviews and provide inputs into the enterprise risk management process.

4. Stakeholder Engagement:

• Liaise with IT, information security, data privacy, and application teams during audits to understand systems and processes.

• Communicate audit findings in a constructive, risk-based manner to drive timely remediation.

5.

Compliance & Regulatory Oversight:

• Ensure compliance with regulatory requirements such as SOX, GDPR, NCA, or applicable industry standards for IT controls.

• Stay updated on changes to cybersecurity laws, data protection guidelines, and digital risk requirements.

• Apply knowledge of frameworks such as ISO 27001, NIST CSF, ITIL, and COBIT in evaluating IT control effectiveness.

6.Continuous Improvement:

• Identify control improvement opportunities in IT processes, system security, and technology governance.

• Contribute to the enhancement of audit methodologies for IT audits, including data analytics and automated testing.

• Stay informed on developments in cybersecurity, AI risks, and cloud governance, and apply insights to audits relevant to the software and GCC sectors.

Key Skills and Competencies:

• Strong understanding of IT audit methodologies, ITGCs, and cybersecurity best practices.

• Familiarity with key frameworks such as COBIT, NIST, ISO 27001, and ITIL.

• Knowledge of ERP systems, databases, cloud environments (e.g., AWS, Azure), and enterprise applications.

• Analytical mindset with the ability to evaluate system configurations, identify vulnerabilities, and assess control design.

• Excellent communication skills to translate technical findings into actionable business insights.

• Proficiency in Microsoft Office Suite; familiarity with GRC platforms, audit management tools, and security monitoring software is an advantage.

• Ability to manage multiple assignments and meet deadlines in a dynamic environment.

Educational qualification:

Qualifications:

• Bachelor’s degree in accounting, Finance, Business, Information Systems, Computer Science, Cybersecurity, or a related field. or a related field.

• CA/CIA/CPA/ICAEW or equivalent certification is preferred.

• CISA, CIA, CISSP, or other relevant certifications preferred

• 7-10 years of experience in IT auditing, cybersecurity, risk management, or related technology roles.

• Hands-on experience with evaluating ITGCs, access controls, change management, and cybersecurity controls.

• Familiarity with systems such as SAP, Microsoft 365, cloud platforms, and modern digital tools is required

Bosch Global Software Technologies Private Limited is a 100% owned subsidiary of Robert Bosch GmbH, one of the world's leading global supplier of technology and services, offering end-to-end Engineering, IT and Business Solutions. With over 28,200+ associates, it’s the largest software development center of Bosch, outside Germany, indicating that it is the Technology Powerhouse of Bosch in India with a global footprint and presence in the US, Europe and the Asia Pacific region.