ITGC Senior Associate - Patch Management

Position : ITGC Senior Associate

Location : Bangalore / Hyderabad / Noida / Kolkata

Notice Period : Maximum 30 days

Role Overview :

We are looking for an experienced ITGC (IT General Controls) Senior Associate to join our Risk Advisory / IT Audit team. The ideal candidate will be responsible for assessing, testing, and improving IT controls across various business processes and technology environments. This role involves working closely with clients to identify gaps, evaluate control effectiveness, and ensure compliance with key regulatory frameworks such as SOX and COSO.

Key Responsibilities :

- Conduct end-to-end IT General Controls (ITGC) and IT Application Controls (ITAC) testing across different systems and applications.

- Perform pre- and post-implementation reviews and migration testing to validate control effectiveness and system changes.

- Execute vulnerability management, patch management, and issue validation to assess control performance and identify potential risks.

- Evaluate and audit network security and IT architecture to ensure adherence to security policies and frameworks.

- Review and test the Business Continuity Planning (BCP) and Disaster Recovery (DR) procedures to confirm readiness and compliance.

- Conduct IPE (Information Provided by Entity) testing to verify the accuracy, completeness, and reliability of system-generated reports and data used in audits.

- Collaborate with internal and external stakeholders to develop and implement effective risk management and control processes.

- Identify and report IT control deficiencies, recommend remediations, and follow up on corrective actions.

- Support cybersecurity audits, configuration assessments (debugging, client settings, access rights), and other IT risk assessments.

- Participate in internal control and SOX compliance engagements, ensuring alignment with COSO and other industry standards.

Required Skills & Experience :

- Proven experience in ITGC and ITAC testing, risk assessment, and control evaluation.

- Strong understanding of SOX, COSO, and internal audit frameworks.

- Hands-on experience with vulnerability management, patch management, and cybersecurity audits.

- Exposure to network security, system architecture reviews, and disaster recovery testing.

- Familiarity with risk management, internal controls, and engagement handling across various sectors.

- Knowledge of configuration reviews, including debugging, client settings, and security configurations.

- Excellent analytical, documentation, and communication skills.

Preferred Qualifications :

- CIA (Certified Internal Auditor), CISA (Certified Information Systems Auditor), or other relevant certifications are preferred.

- Experience working in a consulting or Big 4 environment will be an added advantage.