PwC India
Website: pwc.in
Job details:
Job Description & Summary:
The Technology Control Testing professional is responsible for evaluating the design and operating effectiveness of IT General Controls (ITGC) across critical business systems to ensure compliance with regulatory, audit, and internal governance requirements. The role involves executing structured control testing procedures, including test of design (ToD) and test of operating effectiveness (ToE), across key domains such as user access management, change management, and IT operations. The individual will develop and maintain Risk and Control Matrices (RCMs), perform process walkthroughs with stakeholders, and assess control environments to identify gaps, control deficiencies, and associated risks. Responsibilities include validating audit evidence, analyzing system logs and reports, and ensuring completeness and accuracy of documentation in line with audit standards. The role requires close collaboration with IT, business, and audit teams to communicate findings, support remediation planning, and enhance control frameworks. Additionally, the professional will contribute to continuous improvement initiatives, standardization of testing approaches, and adoption of automation in control testing processes.
Responsibilities
- ITGC Control Testing & Execution
  - Perform test of design (ToD) and test of operating effectiveness (ToE) for IT General Controls across domains such as access management, change management, and IT operations
  - Execute sample-based testing procedures, validate control execution, and assess control consistency over defined periods
  - Evaluate automated and manual controls, including system-based configurations and business process controls
- Risk & Control Documentation (RCM Ownership)
  - Develop, review, and maintain Risk and Control Matrices (RCMs) aligned with audit frameworks and regulatory requirements
  - Map identified risks to controls and ensure appropriate control coverage across IT environments
  - Update control descriptions, testing attributes, and linkage with financial reporting or compliance objectives
- Process Understanding & Walkthroughs
  - Conduct process walkthroughs with stakeholders to understand system architecture, data flows, and control points
  - Review IT policies, SOPs, and process documentation to support audit planning and control design validation
  - Identify key systems, dependencies, and risks impacting control effectiveness
- Control Evaluation & Gap Assessment
  - Assess adequacy and effectiveness of ITGCs and identify control gaps, deficiencies, and non-compliance issues
  - Perform root cause analysis for control failures and document associated risks and impacts
  - Evaluate controls over user access, program changes, data integrity, and system operations
- Evidence Collection & Validation
  - Obtain and validate audit evidence including system reports, audit logs, approvals, and configuration settings
  - Ensure completeness, accuracy, and reliability of evidence supporting control performance
  - Maintain structured documentation aligned with audit standards and quality requirements
- Reporting & Stakeholder Communication
  - Prepare audit observations, findings, and recommendations in agreed reporting format
  - Communicate identified issues and control weaknesses to business and IT stakeholders
  - Support management in defining remediation actions and timelines
- Compliance & Regulatory Alignment
  - Ensure control testing aligns with frameworks such as ITIL, SOC, NIST and internal audit requirements
  - Support audit readiness by ensuring controls meet regulatory and organizational compliance standards
  - Monitor adherence to defined policies, procedures, and governance frameworks
- Continuous Improvement & Audit Support
  - Contribute to enhancing testing methodologies, templates, and audit tools
  - Support adoption of standardized testing approaches and automation initiatives
  - Assist in internal/external audits, quality reviews, and peer validations
Mandatory Skill Sets:
- Strong understanding of Technology Controls, IT risk management, and compliance principles.
- Excellent coordination and project management skills.
- Ability to draft clear and concise management responses.
- Strong analytical and problem-solving skills.
- Proficient in ITSM tools, particularly ServiceNow.
- Excellent communication and interpersonal skills.
Preferred skill sets:
- ITGC & Audit Fundamentals
  - Strong knowledge of IT General Controls (ITGC) across access, change management, and IT operations
  - Understanding of automated controls, application controls, and IT-dependent manual controls
  - Familiarity with ERP systems, databases, and enterprise applications
- Control Testing & Risk Frameworks
  - Experience in Test of Design (ToD) and Test of Operating Effectiveness (ToE)
  - Expertise in RCM development, risk-control mapping, and compliance alignment (SOX, SOC, ISO)
  - Ability to perform sample testing, identify exceptions, and conduct root cause analysis
- Data Analysis, Evidence & Documentation
  - Ability to analyse logs, audit trails, and system-generated reports
  - Strong skills in evidence validation (completeness, accuracy, reliability)
  - Proficiency in audit documentation, workpapers, MS Excel, and audit tools/templates
- Stakeholder Management & Analytical Skills
  - Effective communication with IT, audit, and business stakeholders
  - Strong analytical thinking, attention to detail, and problem-solving skills
  - Ability to articulate control gaps, risks, and remediation actions clearly
  - Understanding of IT governance, compliance, and control environment principles
Years of experience required:
10 – 12 Years of Experience in IT Risk, Technology Control Testing, IT Audit Resilience and Coordination, Project Management and Stakeholder Management.
Education qualification:
At least a bachelor’s degree in Computer Science, System Management, Business Management.
Preferred Certifications:
- ISO 20000: Certification in IT Service Management.
- ISO 27001: Certification in Information Security Management.
- CRISC: Certified in Risk and Information Systems Control.
- PMP: Project Management Professional.
- ITIL Expert: Certification in IT Infrastructure Library (ITIL) practices.