IT Auditor

We are looking for a skilled Information Security Auditor to join our team. In this role, you'll help protect our organization's data and IT systems from cyber threats and ensure compliance with industry standards.

• Gain a thorough understanding of Ford's business objectives, processes, goals, and strategies to effectively analyze and interpret IT risks and technology challenges.

• Take charge of examining and analyzing technology and business risks by conducting IT audits, developing audit plans, defining scope and procedures, and preparing comprehensive audit reports.

• Research industry trends relevant to our environment, including those in automotive, finance, mobility, technology, cybersecurity, and auditing. 

• Contribute to the development of a risk-based IT audit plan and help assess areas of risk that need IT audit procedures. Execute these audit procedures based on their risk and impact on the business, spanning various applications, technologies, and business processes. Collaborate with internal and external partners and monitor the completion of planned actions. 

• Support departmental transformation efforts by piloting new processes and developing audit responses.

• Proactively identify business initiatives and changes in the business environment and evaluate their impact on both the business and the control environment.

• Collaborate with global business auditors on joint business and IT audits.

• Engage regularly with the Internal Controls, Legal, and Cybersecurity & Policy teams. 

• Travels may be required as part of this role.

• Work location: Chennai, Sholinganallur ELCOT, Ford GTBC Campus.

Education Qualification: 

• Bachelors or Masters degree in Computer Science or Information Technology or Cybersecurity. 

Must have: 

• A minimum of two years of IT Security or IT Audit experience.

• Knowledge of Software development processes.

• A minimum of one IT Security certification, such as CISA, CISSP, or a similar technical certification.

• Possesses extensive knowledge of industry security frameworks, such as NIST and CIS, along with an understanding of inherent and control risks.

• Strong understanding of ISO 27001/2 standards.

• Proven experience in implementing or testing IT General Controls (e.g. Change Management, Disaster Recover, Cloud Service Provider Controls).

• Possesses excellent verbal and written communication skills, with the ability to effectively engage with all levels of leadership. 

• Ability to work independently in a dynamic environment.

Nice to have:

• Varied IT experience, such as programming, systems analysis, and security administration.

• Strong project management skills and ability to handle multiple tasks simultaneously.