Prasanna
IT Auditor - A day in the life of an IT Auditor at CCL
As an IT Auditor, we perform audits, deliver information security training, complete the RFI/RFP and clients questionnaire on a regular basis. As the day starts, we connect with our manager for our daily tasks and attend the IT/IS stand-up meeting. My manager will tell me a typical job that needs documentation, auditing, completing the risk assessments, and other implementation and maintenance of certification. We check for incidents or issues that need to be addressed. We follow up with the IT teams for patching and mitigating the identified weakness and risks. The questionnaire and RFP/RFI that we get from our clients are filled mostly by me and then I coordinate with other delivery team managers, HR, General Counsel and IT team for completion. These are reviewed by my manager, then sent to the clients.
As an IT Auditor, we perform audits, deliver information security training, complete the RFI/RFP and clients questionnaire on a regular basis. As the day starts, we connect with our manager for our daily tasks and attend the IT/IS stand-up meeting. My manager will tell me a typical job that needs documentation, auditing, completing the risk assessments, and other implementation and maintenance of certification. We check for incidents or issues that need to be addressed. We follow up with the IT teams for patching and mitigating the identified weakness and risks. The questionnaire and RFP/RFI that we get from our clients are filled mostly by me and then I coordinate with other delivery team managers, HR, General Counsel and IT team for completion. These are reviewed by my manager, then sent to the clients.
What skills do you think you need to do your job?
As an Information Security specialist, you require soft skills, self-motivation, honesty, integrity, patience, dedication and hard work.
The typical functional skills are ISO 27001 process, implementation, and auditing knowledge. Auditing and testing the information systems. Information Security Risk Assessments, Governance, Compliance knowledge, Cybersecurity certifications, knowledge of regulatory process, basic knowledge of all the domains of information security are needed. Also, some knowledge of functional domains such as banking, insurance, manufacturing, Legal, HR, IT and retail are preferred. Must have experience in and technical knowledge of IT systems. Knowledge of software and applications developments along with DevOps, DevSecOps, Jira, Scrum, Project Management, Agile and Waterfall methods are also preferred.
How did you get to where you are today in your career?
I focus on my work completely, I give 100% in my work, then think out of box and be creative. Power of imagination is what made me successful. Also, over my 15 years of experience I acquired knowledge and skills with my passionate approach to doing my work and I love my Information Security work. I have six Information Security certifications that gave me the knowledge of various Information Security domains along with my experience. I read Information Security books for CISA/CISSP and other articles on Information Security. I have also written various e-Books on Information Security topics and published them. I have opened my own YouTube Channel for the Information Security community to share my knowledge through videos. I also write articles and publish them on LinkedIn in my free time. Keep Learning!! is my mantra that I would share to all.
