Audit & Inspection Department - Head Office: Manipal. Empanelment of CISA qualified individuals on Contract Basis for conducting IS Audits


Applications are invited from eligible CISA qualified Information Systems Auditors (Individuals) for conducting Information System Audits of the Bank, on contract basis. The eligibility criteria and terms and conditions are given hereunder.

PARTICULARS / CRITERIA

Name of Position: Information Systems Auditor (IS Auditor) on Contract Basis

Number of Posts: 3 (Three)

Job Profile:

The IS Auditor shall undertake IS Audits as per the Tour Programs (TPs) issued by HO: Audit & Inspection Department individually/ independently or as an audit member with internal IS Audit team. The services of IS Auditors will also be utilized for internal work viz., preparation of Audit coverage and scope, preparation of IS Audit checklists for branches/ functional departments/ other offices based on the activities undertaken, review of IS Audit reports, etc., in addition to the Audit assignments.

The following is indicative list of types of IS Audit that the successful applicant has to undertake during the tenure of the contract:

a) Detailed pre-implementation Application Control Audits and Data Migration Audits with regard to critical systems as per Gopalakrishna Committee recommendation. Application security audit of web/ mobile applications throughout their lifecycle (pre-implementation, post-implementation and after changes) in environment closely resembling or replica of production environment.
b) IS Audit of Data Centre, Near Site and Disaster Recovery Site
c) Risk Based IS Audit of Outsourced Vendors IT Environments
d) Vulnerability Assessment and Penetration Testing (VAPT)
e) Cyber Security Audit
f) Comprehensive Audit of Bank's SWIFT Infrastructure.
g) Special Audit of the Dealing Room and the system in operation at our T& IBD, Mumbai
h) Other Types of IS Audit: These Audits include Regulatory IS Audits and Audits which are not listed above and are conducted on need basis entrusted by the Bank

Eligibility for Empanelment:

i. The age of the applicant shall be between 28 to 62 years as on 03.02.2018
ii. The applicant must be a graduate (minimum basic qualification)
iii. The applicant shall compulsorily hold an active Certified Information Systems Auditor (CISA) certification from ISACA (mandatory)
iv. Preference will be given to applicants holding additional qualifications/ certifications like OSCP/ CEH for conducting Vulnerability Assessment and Penetration Testing (VAPT)
v. The individual shall have minimum 5 years of IS Audit experience from Banking, Financial services and Insurance (BFSI) sector or renowned firms/ corporates. Exposure in Cyber Security, Vulnerability Assessment and Penetration testing is preferred.
vi. Preference will be accorded to a professional who is more qualified and more experienced.
vii. As the IS Security domain is dynamic with ever changing knowledge process, the applicant should have grip on latest knowledge/ developments in IS Audit, IS Security, Cyber Security, penetration testing, Red Teaming Exercises, etc.
viii. Preference will be given to candidates who can work from Bengaluru.

Contractual Terms:

i. The contract period will be for 1 year, which may be extended up to 3 years, at the discretion of the Bank and the renewal of contract will be based on annual review and satisfactory performance
ii. The contract will be on assignment basis (as and when required)
iii. The IS Auditor will be paid a lumpsum amount of Rs.3,000 per day as remuneration for the actual number of days she/ he is on audit duty
iv. On outstation audit assignments, allowances will be paid as applicable to a Scale 2 officer in the Bank.
v. Except the above, the IS Auditor will not be eligible for any other allowance
vi. The assigned audit job should be completed within the allotted man-days and no remuneration/ allowances will be paid if the given man-days are exceeded
vii. The candidates are not eligible to apply, if any disciplinary action is taken against them and if they are removed from service of any Bank/ Company/ Firm. The candidate shall provide self declaration to this extent. If the Bank comes to know during/ post contract of any omission/ commission in this respect, the Bank may terminate the contract in addition to proceed with suitable legal action based on the merits of the issues involved in the best interest of the Bank. In case of any dispute, claim and legal action arising out of this contract, the parties shall be subject to the jurisdiction of courts at Udupi, India only.
viii. Applicants should have sound health and ability to travel and should be ready to take up the assignment on call
ix. In case of unsatisfactory performance for 2 consecutive Quarters, the assignment will be cancelled, even before completion of the period of assignment. General Manager: HO: Inspection will be the competent authority for such cancellation
x. The empaneled IS Auditors will not be eligible for any leave facility, medical reimbursement, etc
xi. The engaged IS Auditor shall be ready to travel to any place for conducting the IS Audit assignments entrusted by the Bank
xii. Allotment of audit work will be the prerogative of the Bank and the selected candidates will not have any say in the matter. Mere empanelment does not confer any right for entrustment of Audit Work by the Bank
xiii. Bank reserves the right to alter, modify and change any of the terms and conditions as per the Policy of the Bank. Modifications of Rules and Terms & Conditions will be made available on website immediately.
xiv. The selected candidates can be removed from the panel at any time without assigning any reason

Selection Procedure:

The selection will be done through a process of Interview and scrutiny of candidate's qualifications and experience. The applicant shall enclose copies of the following documents with the application being sent. The originals of the same must be presented during the interview (for shortlisted candidates):

i) Certificates of basic educational qualifications (graduation)
ii) Certificate of CISA issued by ISACA
iii) Documentary proof of ISACA membership
iv) Certificates of additional qualifications like OSCP, CEH, etc.
v) A resume listing work history, key responsibilities handled, current skills, and other relevant experience, industry or merit awards, position descriptions (job specifications), employment contracts, media articles on the subject.
vi) Suitable evidences regarding professional experience (Example: appointment letters from the employer, audit engagement letters, certificates of attendance with respect to workshops/ trainings/ conferences attended, salary certificates, service certificates, recognitions received through professional activities in IS security like Bug Bounty hunting, VAPT, etc.)
vii) Identity proof and address proof of applicant
viii) Documentary evidence for unpaid voluntary work experience (optional)
ix) Third party evidence on professional work done such as feedback or letters of appreciation from clients or partners or employers (optional)
x) Testimonials confirming the applicants credentials with contact details of two personalities who are in respectable position and, who are willing to be contacted to verify applicant's information.

Other Terms and Conditions

i. The successful applicant shall be required to enter into a contract with SyndicateBank, within 7 days of the award of the contract or within such extended period as may be specified by The General Manager, Audit & Inspection Department, SyndicateBank, Head Office, Manipal 576104, Karnataka.
ii. On selection, the successful applicant shall confirm his acceptance by fax, through duly signed filled-in prescribed format (Annexure 2) to the Bank within 24 hours of communication of such selection. Failure to do so, will result in the cancellation of the empanelment and the next suitable applicant will be empanelled.
iii. The successful applicant shall agree to such other terms and conditions in writing as may be determined by the Bank to be necessary for the due performance of the work, as and when required by the Bank.
iv. As the successful applicant will have access to the data/ information of the bank while auditing the security, Bank will require the applicant to sign a confidentiality/ nondisclosure agreement (Format will be prescribed at the time of empanelment), within 48 hours of accepting the assignment, undertaking not to disclose or part with any information relating to the bank and its data to any person or persons, as may come into her/ his possession during the course of Vulnerability Assessment and Penetration Testing/ IS Audit.
v. The successful applicant will undertake to comply with all the prevailing laws and regulations in India relevant for Information Systems Audit.
vi. The applicant IS Audit professionals must comply with ISACA's Code of Professional Ethics. They shall:
a) Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
b) Perform their duties with due diligence and professional care, in accordance with professional standards and best practices.

c) Serve in the interest of SyndicateBank in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.
d) Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
e) Maintain competency in their respective fields and agree to undertake only those activities, which they can reasonably expect to complete with professional competence.
f) Inform appropriate parties of the results of work performed, revealing all significant facts known to them.

Failure to comply with this Code of Professional Ethics can result in SyndicateBank reporting the same to ISACA for initiating an investigation into a member's or certification holder's conduct and, ultimately, in disciplinary measures.

vii. The successful applicant will also undertake to comply with all the requirements of the guidelines of Reserve Bank of India or other appropriate regulatory authorities with regard to Information Systems Security/ Audit Standards issued from time to time.

Errors and Omissions: On any issue or area of material concern not specifically dealt with as above, the decision of the bank shall be final and binding on all concerned.

The application form duly filled in (as per Annexure) shall be sent to the following address by post/ courier super scribing empanelment of external CISA qualified Auditors, on the cover:

The General Manager
SyndicateBank
Audit & Inspection Department
Head Office
Manipal- 576104.

The Last Date for Receipt of Application is 03.02.2018 latest by 4.30 p.m

Please note that, incomplete/ belated applications will not be entertained.

ANNEXURE I

PHOTOGRAPH

Application for Empanelment of three CISA qualified professionals for conducting IS Audits on contract basis

Sl No / Particulars

1. Name of the Applicant
2. Date of Birth
3. Age as on the date of application
4. Place of Domicile
5. Address and Contact details of the Applicant (Presently Domiciled at)
(a) Land Line with STD code
(b) Mobile number separately)
6. Permanent Address
7. Email ID
8. Educational Qualifications with year of passing and validity of certification
Graduation:
CISA:
Additional qualifications (OSCP, CEH, etc.):
9. Number of years of experience in Information Systems/ Security Audit.
10. Have you conducted Information Systems Audits/ IT infrastructure audits/ DC, DRS, Network Audits/ Software application audits/ IS audits of outsourced vendors/ etc., for a Bank on a large scale? If yes, please give details of the same including the details of services and the scope along with proof.
11. Have you conducted Information Systems Audits for cyber security, Internet Banking, Mobile Banking for any Bank in India? If yes, please give details of the same including the complete details of services and the scope along with proof. Audits, if any carried out abroad may be specified separately.
12. Specify the tools used if any for conducting the IS audits so far. If yes, specify whether you are certified for use of the tools used for audit.
13. Is there any case pending with CBI/ other Law Enforcement Agencies, if so furnish details
14. Furnish details of assignments in other Organisations/ Institutions, if any
15. Present Health Conditions/ suitability to undertake journey/ Tour
16. Any other related information, not mentioned above, which the applicant would wish to furnish.
17. Have you done Penetration Testing & Vulnerability Assessment on network, Internet Banking, etc.? Please give details required in the following table.

Sl. No. | Areas | Whether penetration Testing & Vulnerability Assessment were conducted | If yes, mention details of services and the scope along with proof.
1 | Systems/ network/ network devices/ security devices | YES/ NO |
2 | Internet Banking | YES/ NO |
3 | Mobile Banking/ SMS Banking | YES/ NO |
4 | Cheque Truncation system | YES/ NO |
5 | Financial Inclusion | YES/ NO |
6 | Cash Management Services Centre | YES/ NO |
7 | Depository Participant Cell | YES/ NO |
8 | Integrated Treasury Management system | YES/ NO |
9 | Card Centre | YES/ NO |
10 | Others | YES/ NO |

DECLARATION

I hereby declare that the information submitted above is complete in all respects and true to the best of my knowledge. I understand that in case any discrepancy or inconsistency or incompleteness is found in the information submitted by me, my application is liable to be rejected.

Place:
Date:
Signature of the Applicant