Audit & Inspection Department – Head Office: Manipal
Empanelment of CISA qualified individuals on Contract Basis for conducting IS Audits
Applications are invited from eligible CISA qualified Information Systems Auditors (Individuals) for conducting Information System Audits of the Bank, on contract basis.
The eligibility criteria and terms and conditions are given hereunder.
|Name of Position||Information Systems Auditor (IS Auditor) on Contract Basis|
|Number of Posts||3 (Three)|
|Job Profile||The IS Auditor shall undertake IS Audits as per the Tour Programs (TPs) issued by HO: Audit & Inspection Department individually/ independently or as an audit member with internal IS Audit team. The services of IS Auditors will also be utilized for internal work viz., preparation of Audit coverage and scope, preparation of IS Audit checklists for branches/ functional departments/ other offices based on the activities undertaken, review of IS Audit reports, etc., in addition to the Audit assignments.
The following is an indicative list of the types of IS Audit that the successful applicant has to undertake during the tenure of the contract:
a) Detailed pre-implementation Application Control Audits and Data Migration Audits with regard to critical systems as per Gopalakrishna Committee recommendation. Application security audit of web/ mobile applications throughout their lifecycle (pre-implementation, post-implementation and after changes) in an environment closely resembling, or a replica of, the production environment.
b) IS Audit of Data Centre, Near Site and Disaster Recovery Site
c) Risk Based IS Audit of Outsourced Vendors’ IT Environments
d) Vulnerability Assessment and Penetration Testing (VAPT)
e) Cyber Security Audit
f) Comprehensive Audit of Bank’s SWIFT Infrastructure.
g) Special Audit of the Dealing Room and the system in operation at our T& IBD, Mumbai
h) Other Types of IS Audit: These Audits include Regulatory IS Audits and Audits which are not listed above and are conducted on need basis entrusted by the Bank
|Eligibility for Empanelment||i. The age of the applicant shall be between 28 and 62 years as on 03.02.2018
ii. The applicant must be a graduate (minimum basic qualification)
iii. The applicant shall compulsorily hold an active Certified Information Systems Auditor (CISA) certification from ISACA (mandatory)
iv. Preference will be given to applicants holding additional qualifications/ certifications like OSCP/ CEH for conducting Vulnerability Assessment and Penetration Testing (VAPT)
v. The individual shall have minimum 5 years of IS Audit experience from Banking, Financial services and Insurance (BFSI) sector or renowned firms/ corporates. Exposure in Cyber Security, Vulnerability Assessment and Penetration testing is preferred.
vi. Preference will be accorded to a professional who is more qualified and more experienced.
vii. As the IS Security domain is dynamic with an ever-changing knowledge process, the applicant should have a grip on the latest knowledge/ developments in IS Audit, IS Security, Cyber Security, penetration testing, Red Teaming Exercises, etc.
viii. Preference will be given to candidates who can work from Bengaluru.
|Contractual Terms||i. The contract period will be for 1 year, which may be extended up to 3 years, at the discretion of the Bank and the renewal of contract will be based on annual review and satisfactory performance
ii. The contract will be on assignment basis (as and when required)
iii. The IS Auditor will be paid a lumpsum amount of Rs.3,000 per day as remuneration for the actual number of days she/ he is on audit duty
iv. On outstation audit assignments, allowances will be paid as applicable to a Scale 2 officer in the Bank.
v. Except the above, the IS Auditor will not be eligible for any other allowance
vi. The assigned audit job should be completed within the allotted man-days and no remuneration/ allowances will be paid if the given man-days are exceeded
vii. The candidates are not eligible to apply, if any disciplinary action is taken against them and if they are removed from service of any Bank/ Company/ Firm. The candidate shall provide self declaration to this extent. If the Bank comes to know during/ post contract of any omission/ commission in this respect, the Bank may terminate the contract in addition to proceeding with suitable legal action based on the merits of the issues involved in the best interest of the Bank. In case of any dispute, claim and legal action arising out of this contract, the parties shall be subject to the jurisdiction of courts at Udupi, India only.
viii. Applicants should have sound health and ability to travel and should be ready to take up the assignment on call
ix. In case of unsatisfactory performance for 2 consecutive Quarters, the assignment will be cancelled, even before completion of the period of assignment. General Manager: HO: Inspection will be the competent authority for such cancellation
x. The empanelled IS Auditors will not be eligible for any leave facility, medical reimbursement, etc
xi. The engaged IS Auditor shall be ready to travel to any place for conducting the IS Audit assignments entrusted by the Bank
xii. Allotment of audit work will be the prerogative of the Bank and the selected candidates will not have any say in the matter. Mere empanelment does not confer any right for entrustment of Audit Work by the Bank
xiii. Bank reserves the right to alter, modify and change any of the terms and conditions as per the Policy of the Bank. Modifications of Rules and Terms & Conditions will be made available on website immediately.
xiv. The selected candidates can be removed from the panel at any time without assigning any reason
|Selection Procedure||The selection will be done through a process of Interview and scrutiny of candidate’s qualifications and experience.
The applicant shall enclose copies of the following documents with the application being sent. The originals of the same must be presented during the interview (for shortlisted candidates):
i) Certificates of basic educational qualifications (graduation)
ii) Certificate of CISA issued by ISACA
iii) Documentary proof of ISACA membership
iv) Certificates of additional qualifications like OSCP, CEH, etc.
v) A resume listing work history, key responsibilities handled, current skills, and other relevant experience, industry or merit awards, position descriptions (job specifications), employment contracts, media articles on the subject.
vi) Suitable evidence regarding professional experience (Example: appointment letters from the employer, audit engagement letters, certificates of attendance with respect to workshops/ trainings/ conferences attended, salary certificates, service certificates, recognitions received through professional activities in IS security like Bug Bounty hunting, VAPT, etc.)
vii) Identity proof and address proof of applicant
viii) Documentary evidence for unpaid voluntary work experience (optional)
ix) Third party evidence on professional work done such as feedback or letters of appreciation from clients or partners or employers (optional)
x) Testimonials confirming the applicant’s credentials with contact details of two personalities who are in respectable positions and who are willing to be contacted to verify applicant’s information.
|Other Terms and Conditions||i. The successful applicant shall be required to enter into a contract with SyndicateBank, within 7 days of the award of the contract or within such extended period as may be specified by The General Manager, Audit & Inspection Department, SyndicateBank, Head Office, Manipal–576104, Karnataka.
ii. On selection, the successful applicant shall confirm his acceptance by fax, through duly signed filled-in prescribed format (Annexure–2) to the Bank within 24 hours of communication of such selection. Failure to do so will result in the cancellation of the empanelment and the next suitable applicant will be empanelled.
iii. The successful applicant shall agree to such other terms and conditions in writing as may be determined by the Bank to be necessary for the due performance of the work, as and when required by the Bank.
iv. As the successful applicant will have access to the data/ information of the bank while auditing the security, Bank will require the applicant to sign a confidentiality/ non-disclosure agreement (Format will be prescribed at the time of empanelment), within 48 hours of accepting the assignment, undertaking not to disclose or part with any information relating to the bank and its data to any person or persons, as may come into her/ his possession during the course of Vulnerability Assessment and Penetration Testing/ IS Audit.
v. The successful applicant will undertake to comply with all the prevailing laws and regulations in India relevant for Information Systems Audit.
vi. The applicant IS Audit professionals must comply with ISACA’s Code of Professional Ethics. They shall:
a) Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
b) Perform their duties with due diligence and professional care, in accordance with professional standards and best practices.
c) Serve in the interest of SyndicateBank in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.
d) Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
e) Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.
f) Inform appropriate parties of the results of work performed, revealing all significant facts known to them.
Failure to comply with this Code of Professional Ethics can result in Syndicate Bank reporting the same to ISACA for initiating an investigation into a member’s or certification holder’s conduct and, ultimately, in disciplinary measures.
vii. The successful applicant will also undertake to comply with all the requirements of the guidelines of Reserve Bank of India or other appropriate regulatory authorities with regard to Information Systems Security/ Audit Standards issued from time to time.
Errors and Omissions:
On any issue or area of material concern not specifically dealt with as above, the decision of the bank shall be final and binding on all concerned.
The application form duly filled in (as per Annexure) shall be sent to the following address by post/ courier, superscribing “empanelment of external CISA qualified Auditors” on the cover:
The General Manager
Audit & Inspection Department
The Last Date for Receipt of Application is 03.02.2018 latest by 4.30 p.m.
Please note that incomplete/ belated applications will not be entertained.