Senior IT Auditor

Karnataka, India
Competitive salary
24 Oct 2020
27 Oct 2020
Job role

Amazon India continues to expand at an amazing pace. We are seeking an experienced Senior Internal Auditor to execute and deliver high quality Information Technology (IT) and Information Security audits across our diverse businesses. This is a high visibility opportunity to partner with Amazon business and technology teams to make important improvements throughout our business.

Our team is cross-functional and you will perform a wide range of IT and Information Security audits. Business Areas include: logistics and supply chain, e-business marketplace and operations, privacy and data protection, customer experience, compliance with regulations and policies, procurement to pay, information security, business continuity, and process automation, among others.

You will be expected to:

• Lead the IT risk assessment process;
• Develop the audit strategy and plan for IT, applications, and data security;
• Align with the senior leaders on audit vision;
• Undertake the planning, scoping, execution, and reporting of audits and advisory projects based on the annual audit plan. The scope will include review of IT and Information Security controls and/or application controls.

You will collaborate with the Audit, Information Security, Business and Technology teams to focus on the areas of highest risk and greatest impact, and deliver quality audits, with consistency and efficiency.

You will perform as a sole contributor and a teammate concurrently.

You need to be able to deal with ambiguity and complex business problems, be resourceful and self-motivated, take ownership, dive deep to understand issues and assess risks, and influence the business to commit to sustainable remediation plans.

You should be able to handle multiple deliverables and projects, understand the details while connecting with the big-picture, strategic goals driving the business. And as significantly, you should be able to create trusted working relationships with the business, insisting on highest standards and long-term thinking.

In this position you will dig deep into the details of the business vertical that you are will be auditing. You are expected to understand complex business processes and identify the full range of risks related to technology, data, and information security. You should be comfortable interacting with Information Security teams, software development engineers, data engineers as well as business process owners.

You will have the opportunity to learn our business and meet a wide range of business and technology stakeholders. The requirement is to go beyond just finding risks. You should be able to translate risks into audit opportunities and help drive business solutions. You should also be able work with business and technology process owners as a trusted advisor to identify root causes of issues and to drive implementation of solutions. You are expected to prioritize findings and recommendations in tune with our business strategy. You should be able to facilitate multiple stakeholders to agree on appropriate solutions and verify that risks are mitigated appropriately. We value personality, insights, intellectual flexibility, and sound business judgment.

You are expected to be an excellent writer who can succinctly communicate complicated issues in business terms. You must be a strong project manager who can conduct your own audits from beginning to end, often managing multiple projects at once.

This position will be based in Bangalore, India and may require up to 25% domestic & international travel.

You must demonstrate:
• Strong IT, applications, cloud, and data risk management experience, including: performing risk assessments and audits, designing controls, evaluating enterprise control frameworks.
• Excellent written and verbal communication skills, and proven ability to work with technology and functional teams. You will prepare reports and make presentations to senior level management. You will interact with various levels of employees to collect and communicate information.
• Capability to collaborate within fast paced team of experienced professionals to the right results with a focused and pragmatic approach to the business.
• Strong analytical skills. Proven history of analyzing data and situations to identify meaningful observations.
• Strong experience in enterprise-scale complex applications and data systems
• Self-starter, possess flexibility to work in a fast-changing environment and ambiguous situations
• Understanding of audit, risk management, controllership, and compliance principles
• Ability to make the right trade-offs between schedule, resources, and scope to deliver on your projects
• Willingness and ability to dive deep into the assigned audit areas.


• BA/BS degree in Information Technology, Accounting, Engineering, Finance, or similar fields
• 6+ years of experience with Information Technology, IT Risk, Information Security, Accounting, IT Auditing, Risk Management, Compliance, or Finance roles, showing progression in areas for responsibility (Of which 3+ years of experience with IT auditing or risk management; and 3+ years of security engineering, vulnerability testing experience)
• Knowledge of threat modeling or other risk identification techniques
• Knowledge of system security vulnerabilities and remediation techniques
• Familiarity with attack patterns and exploitation techniques
• Experience with hardware security, system and network security, authentication and security protocols, cryptography, and application security
• Technology or system audit experience (e.g., firewall rules review, architecture review, threat modeling)
• Software/SDLC or product development experience
• Very high standards of excellence with high attention to details
• Ability to travel up to 25%


• Results-oriented, high energy, self-motivated, and ability to collaborate with diverse teams
• Proven history of having worked effectively across cross-functional teams and business functions
• Graduate or advanced degree (e.g., MBA)
• Relevant certifications (e.g., CISSP, CCNA, CCSP, CISA, CFE, Cloud Security)
• Familiarity with Machine Learning, Data Analytics tools desirable
• AWS or cloud equivalent usage (e.g., development) or evaluation (risk review)
• Knowledge of technical security issues facing large companies

Similar jobs

Similar jobs