Track Manager - IT security

Job Summary

ITGC Auditor

The ITGC Audit support is responsible for evaluating, testing, and improving IT General Controls across the organization to ensure compliance with IT control requirements and internal policies. The role supports audit readiness, risk mitigation, and strengthens control environments across IT systems and processes.

Key Responsibilities:

1. Audit Execution

Perform IT General Controls (ITGC) audits support covering:

Access Management (user provisioning, de-provisioning, privileged access)

Change Management (SDLC controls, emergency changes, approvals)

IT Operations (job monitoring, backups, incident management)

Conduct walkthroughs and document process flows.

Execute control testing (design and operating effectiveness).

Risk & Compliance Assessment:

Identify control gaps, weaknesses, and non-compliance issues.

Map IT controls to frameworks such as:

SOX

ISO 27001

NIST

COBIT

NIS2 (where applicable)

Evaluate IT risks and recommend remediation actions.

1. Audit Documentation

Prepare clear and concise audit workpapers and evidence.

Draft audit reports including:

Observations

Risk ratings (High / Medium / Low)

Root cause analysis

Remediation recommendations

Ensure documentation meets internal and external audit standards.

1. Stakeholder Engagement

Collaborate with IT, Security, and business teams.

Conduct audit meetings and walkthrough sessions with stakeholders.

Track remediation actions and follow-ups with control owners.

Continuous Monitoring & Improvement:

Support ongoing ITGC monitoring programs.

Recommend process improvements and automation opportunities.

Required Qualifications:

Education:

Bachelor’s degree in Information Technology, Computer Science, or related field.

Experience:

3–8 years of experience in IT audit, IT risk, or IT compliance.

Hands-on experience in ITGC audits for enterprise systems (SAP, Oracle, Windows/Linux environments).

Deep understanding of minimum two technologies from below but not limited to:

Windows Servers

SQL

Unix Servers (RHEL, AIX, z Linux, Su Se etc)

Oracle

PostgreSQL

Mainframe (zOS)

IBMi (AS400)

SAP HAHA

Azure/AWS

Active Directory

IAM

Service Now(technical)

Key Skills & Competencies:

Technical Skills:

Strong understanding of:

Access controls (RBAC, IAM tools)

Change management processes

IT operations (backup, scheduling, incident management)

Tools

GRC tools (Service Now GRC, Archer, Metric Stream)

Data analysis tools (Excel, Power BI)

Ticketing tools (Service Now)

Soft Skills:

Strong analytical and problem-solving skills

Excellent documentation and reporting ability

Stakeholder communication and coordination

Attention to detail and audit rigor

Certifications (Preferred)

CISA (Certified Information Systems Auditor)

ISO 27001 Lead Auditor

Key Deliverables

Risk assessments and remediation tracking logs

Audit evidence aligned with compliance requirements

Key Responsibilities

Audit

Skill Requirements

Risk assessment, audit, compliance

Other Requirements

Security risk assessment