Empanelment of Information Systems (IS) Auditor with Syndicate Bank

The following is indicative list of types of IS Audit that the successful applicant has to undertake during the tenure of the contract:

a) Detailed pre-implementation Application Control Audits and Data Migration Audits with regard to critical systems as per Gopalakrishna Committee recommendation. Application security audit of web/ mobile applications throughout their lifecycle (pre-implementation, post-implementation and after changes) in environment closely resembling or replica of production environment.

b) IS Audit of Data Centre, Near Site and Disaster Recovery Site

c) Risk Based IS Audit of Outsourced Vendors’ IT Environments

d) Vulnerability Assessment and Penetration Testing (VAPT)

e) Cyber Security Audit

f) Comprehensive Audit of Bank’s SWIFT Infrastructure.

g) Special Audit of the Dealing Room and the system in operation at our T& IBD, Mumbai

h) Other Types of IS Audit: These Audits include Regulatory IS Audits and Audits which are not listed above and are conducted on need basis entrusted by the Bank

ii. The applicant must be a graduate (minimum basic qualification)

iii. The applicant shall compulsorily hold an active Certified Information Systems Auditor (CISA) certification from ISACA (mandatory)

iv. Preference will be given to applicants holding additional qualifications/ certifications like OSCP/ CEH for conducting Vulnerability Assessment and Penetration Testing (VAPT)

v. The individual shall have minimum 5 years of IS Audit experience from Banking, Financial services and Insurance (BFSI) sector or renowned firms/ corporates. Exposure in Cyber Security, Vulnerability Assessment and Penetration testing is preferred.

vi. Preference will be accorded to a professional who is more qualified and more experienced.

vii. As the IS Security domain is dynamic with ever changing knowledge process, the applicant should have grip on latest knowledge/ developments in IS Audit, IS Security, Cyber Security, penetration testing, Red Teaming Exercises, etc.

viii. Preference will be given to candidates who can work from Bengaluru.

ii. The contract will be on assignment basis (as and when required)

iii. The IS Auditor will be paid a lumpsum amount of Rs.3,000 per day as remuneration for the actual number of days she/ he is on audit duty

iv. On outstation audit assignments, allowances will be paid as applicable to a Scale 2 officer in the Bank.

v. Except the above, the IS Auditor will not be eligible for any other allowance

vi. The assigned audit job should be completed within the allotted man-days and no remuneration/ allowances will be paid if the given man-days are exceeded

vii. The candidates are not eligible to apply, if any disciplinary action is taken against them and if they are removed from service of any Bank/ Company/ Firm. The candidate shall provide self declaration to this extent. If the Bank comes to know during/ post contract of any omission/ commission in this respect, the Bank may terminate the contract in addition to proceed with suitable legal action based on the merits of the issues involved in the best interest of the Bank. In case of any dispute, claim and legal action arising out of this contract, the parties shall be subject to the jurisdiction of courts at Udupi, India only.

viii. Applicants should have sound health and ability to travel and should be ready to take up the assignment on call

ix. In case of unsatisfactory performance for 2 consecutive Quarters, the assignment will be cancelled, even before completion of the period of assignment. General Manager: HO: Inspection will be the competent authority for such cancellation

x. The empaneled IS Auditors will not be eligible for any leave facility, medical reimbursement, etc

xi. The engaged IS Auditor shall be ready to travel to any place for conducting the IS Audit assignments entrusted by the Bank

xii. Allotment of audit work will be the prerogative of the Bank and the selected candidates will not have any say in the matter. Mere empanelment does not confer any right for entrustment of Audit Work by the Bank

xiii. Bank reserves the right to alter, modify and change any of the terms and conditions as per the Policy of the Bank. Modifications of Rules and Terms & Conditions will be made available on website immediately.

xiv. The selected candidates can be removed from the panel at any time without assigning any reason

The applicant shall enclose copies of the following documents with the application being sent. The originals of the same must be presented during the interview (for shortlisted candidates):

i) Certificates of basic educational qualifications (graduation)

ii) Certificate of CISA issued by ISACA

iii) Documentary proof of ISACA membership

iv) Certificates of additional qualifications like OSCP, CEH, etc.

v) A resume listing work history, key responsibilities handled, current skills, and other relevant experience, industry or merit awards, position descriptions (job specifications), employment contracts, media articles on the subject.

vi) Suitable evidences regarding professional experience (Example: appointment letters from the employer, audit engagement letters, certificates of attendance with respect to workshops/ trainings/ conferences attended, salary certificates, service certificates, recognitions received through professional activities in IS security like Bug Bounty hunting, VAPT, etc.

vii) Identity proof and address proof of applicant

viii) Documentary evidence for unpaid voluntary work experience (optional)

ix) Third party evidence on professional work done such as feedback or letters of appreciation from clients or partners or employers (optional)

x) Testimonials confirming the applicants credentials with contact details of two personalities who are in respectable position and, who are willing to be contacted to verify applicant’s information.

ii. On selection, the successful applicant shall confirm his acceptance by fax, through duly signed filled-in prescribed format (Annexure–2) to the Bank within 24 hours of communication of such selection. Failure to do so, will result in the cancellation of the empanelment and the next suitable applicant will be empanelled.

iii. The successful applicant shall agree to such other terms and conditions in writing as may be determined by the Bank to be necessary for the due performance of the work, as and when required by the Bank.

iv. As the successful applicant will have access to the data/ information of the bank while auditing the security, Bank will require the applicant to sign a confidentiality/ non-disclosure agreement (Format will be prescribed at the time of empanelment), within 48 hours of accepting the assignment, undertaking not to disclose or part with any information relating to the bank and its data to any person or persons, as may come into her/ his possession during the course of Vulnerability Assessment and Penetration Testing/ IS Audit.

v. The successful applicant will undertake to comply with all the prevailing laws and regulations in India relevant for Information Systems Audit.

vi. The applicant IS Audit professionals must comply with ISACA’s Code of Professional Ethics. They shall:

a) Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.

b) Perform their duties with due diligence and professional care, in accordance with professional standards and best practices.

c) Serve in the interest of SyndicateBank in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.

d) Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.

e) Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.

f) Inform appropriate parties of the results of work performed, revealing all significant facts known to them.

Failure to comply with this Code of Professional Ethics can result in Syndicate Bank reporting the same to ISACA for initiating an investigation into a member’s or certification holder’s conduct and, ultimately, in disciplinary measures.

vii. The successful applicant will also undertake to comply with all the requirements of the guidelines of Reserve Bank of India or other appropriate regulatory authorities with regard to Information Systems Security/ Audit Standards issued from time to time.