OakNorth is hiring an

IT Security Audit

Gurugram, India
OakNorth is the next-generation credit and monitoring platform that provides banks and lending institutions with the insight and foresight needed to create a better borrowing experience for the Missing Middle – the growth business who are the backbones of communities and economies globally but who have been in banking’s blind spot for decades.
The business was founded in 2015 by Rishi Khosla and Joel Perlman, who previously co-founded Copal Amba and grew it to 3,000 employees over 12 years, before selling it to Moody’s (NYSE: MCO) in 2014, returning 125 times capital to seed investors.
Since its inception, OakNorth has secured over $1bn from several investors, including: Clermont Group, Coltrane, EDBI of Singapore, GIC, Indiabulls, NIBC, Toscafund, and SoftBank’s Vision Fund.
The Platform has been deployed at various banks across North America, Europe, and Asia, and in the UK where OakNorth lends off of its own balance sheet via OakNorth Bank. The platform has helped OakNorth Bank become the fastest-growing business in Europe according to the Financial Times FT 1000 (2020), profitably lending over £4bn to date. In terms of the impact this has had on the economy, OakNorth Bank’s loans have directly helped with the creation of 13,000 new homes and 17,000 new jobs in the UK, as well as adding several billion pounds to the economy.
With offices in London, New York, Manchester, Singapore, Hong Kong, Shanghai, Istanbul, Gurgaon and Bangalore, the global team across the OakNorth Holdings group is over 800 people.

Plan, execute and report all IT Security, Development Operations and Business Automation related audit activities for OakNorth Bank plc. Provide independent assurance to senior management that the bank’s IT infrastructure and digital transformation initiates (incl. non-IT) are fit for purpose to allow the bank to safely deliver best-in-class services to all its customers.
1.       Manage all IT and Business Transformation related audit activities for the OakNorth Bank plc
-          Develop and maintain the audit universe and risk assessment for the bank
-          Deliver the annual audit plan: some audits to be delivered alone and others in partnership with the existing OakNorth audit team
-          Document audit fieldwork, findings and prepare audit reports
-          Track closure of management actions
-          Submit a quarterly opinion on the control environment and management’s approach to controls
-          Report on audit activity to senior management
-          Take ownership of the configuration, implementation, staff training and delivery of a Governance, Risk and Controls system for the OakNorth Group in 2021
-          Develop a data analytics strategy to be approved by the Board Audit Committee in 2021 and implement
-          Continuously improve the IT audit methodology which suits the highly technical, disruptive, global, and fast-moving environment
-          Assess resource requirements and develop the right pool of skills (internal and external) to deliver the audit plan
-          Train oneself and mentor the audit team on all relevant areas of IT Security and Transformation audits
2.       Deliver internal and external certification audits
-          Execute ITGC, application, technology, Cyber and Cloud security audits
-          Deliver transformation audits powered by automation using new age technologies incl. BPM, RPA, RDA, Machine Learning and AI
-          Manage ISO27001, Cloud Security and other external certification audits
-          Audit the continuously improving IT infrastructure model with newly emerging and flexible work solutions, post Covid-19
-          Deliver audits to evaluate the evolving cybersecurity automation ecosystem (“best-in-breed”)
3.       Perform internal and external vulnerability assessments
-          Continuously assess how well the bank assesses internal and external threats and vulnerabilities, as well as the fitness for purpose and effectiveness of its strategic and tactical responses
-          Collaborate with internal stakeholders and third-party experts to maintain residual risks to within risk appetite, track closure of open risks and actions
-          Challenge incident and disaster response plans, as well as the business continuity plan
-          Help design and attend desktop exercises and dress rehearsals; provide feedback; track action closure
Culture fit
1. Hunger, fire (10x, momentum)
2. Ability to work with others across teams, geographies, and legal entities (one team)
3. Not a prima donna / ego issue (right ambition)
4. Not highly political or “spin doctor” (say it as it is)
5. Logical thinking, ability to get to the simplest answer as opposed to a convoluted one (challenge and simplify)
6. An honest person who operates with a high degree of ethics and integrity through any situation (right ambition, say it as it is)
1. Someone who can demonstrate knowledge and experience of:
a. Regulations impacting security, integrity and availability of information including personal data- or privacy-related
b. Platform as a Service and Cloud controls in the AWS and Azure environments (e.g. Virtual Private Clouds)
c. Network and Perimeter security
d. Application controls
e. Third Party controls
f. General IT controls e.g. logical access, application change management, disaster recovery
2. A qualified IT / IT Security internal auditor with a minimum of 10 years of experience into IT and Business automation audits
3. Someone who holds PMP or Lean Six Sigma certification with large scale experience of reviewing key transformation initiatives and projects (e.g. CBS, CRM, Datawarehouse, Accounting systems)
4. A fluent English speaker; no grammatical errors in workpapers and no typos
5. A tenacious and proactive internal auditor; a go-getter who acts independently to produce deliverables on time and with extremely high-quality outputs
6. A risk professional with exceptional attention to details; someone who cross-references work and then checks again for accuracy and completeness
7. Someone who has demonstrable experience of influencing people at senior levels with facts
8. A self-starter and fast learner; someone who can work and learn on his/her own
9. Someone with gravitas and whose opinion matters; someone who is trusted by colleagues across the firm, from the most junior to the most senior
10. A person who focuses on what matters most: outcomes; someone who relentlessly avoids hypothetical risks and verbose
11. Someone who hates box-ticking
The role is based in OakNorth Global Private Ltd in Gurugram or Bengaluru and will report directly into the Associate Director, Internal Audit based in Gurugram.

Thank you very much for your interest in OakNorth. We are happy to consider you for roles within our group of companies. If we can identify a match between your skill set and our immediate recruiting needs, please expect to hear from us very soon. If we are unable to identify a fit in the near term, please note that we intend to retain the data you send to us so we may contact you in the future.

For more information regarding our Privacy Policy and practices, please visit: https://www.oaknorth.com/privacy-policy