IT Governance
1. IT governance structure & compositions.
2. Information security policies & process.
3. Risk assessment & controls implemented.
Logical Access Controls review
1. User creation, deactivation, and recertification process.
2. Password management – Password parameters configuration, password communication
process, change at first login, 2-factor authentication, password storage in DB.
3. Role-based access controls to ensure Segregation of duties.
4. Management of Generic IDs.
5. Review of admin/ super user activity
Information Technology General Controls
1. Backup process and restoration tests performed.
2. Review of BCP/ DR drill reports in accordance with RPO/ RTO controls.
3. Data encryption controls.
4. Physical & Environmental controls
5. Review of VAPT and ATR.
6. Review of change management.
7. Review of source code review report.
8. Review of endpoint security.
9. Review of capacity and incident management.
10. Review of IT risk assessment and controls implemented
Cyber-security controls
1. Review in accordance with regulatory requirements.
2. Data loss prevention controls.
3. Review of password policy.
4. Usage of Anti Malware and Anti Virus.
5. Review of security awareness training.
6. Review of Data Breach response plan.
Network & Operating system control review.
1. Review of network diagram.
2. Review of IT infrastructure.
3. Review of Hardening process.
4. Patch management.
5. Review of VAPT.
6. Review of configuration for Firewall, IPS & IDS.
Location: Mumbai
Experience: 1-3 years