Job description / Role
Responsible for executing high quality audits, risk management over the IT infrastructure, applications and processes. Responsible for delivering high quality internal audit results under the direction of GRC management, including planning, performing IT risk assessments, and developing and executing test plans to assess design and effectiveness. Key focus areas are risk assessments, security assessments, business continuity and disaster recovery assessments, and review of internal controls, corporate policy, laws, and regulations, as they relate to the Company's electronic assets. Maintains all organizational and professional ethical standards and completes all internal audit work in compliance with the IIA & ISACA’s standards. Works independently under general supervision with considerable latitude for initiative and independent judgment.
Essential Duties and Responsibilities include the following. Other duties may be assigned.
- Conduct the overall annual risk assessment for the IT scope of all AZAQ entities and report the results to GRC management for incorporation into the overall GRC annual plan.
- Executes specific IT projects established as per the annual GRC plan, develops audit objectives, scope, audit test plan, and procedures while ensuring alignment with audit standards, guidelines, and best practices.
- Evaluate the security procedures and systems that govern the IT environment, reporting on such evaluation and suggesting recommendations where needed. Conduct departmental reviews to assess the extent of compliance with controls and procedures. Evaluate these controls for their adequacy and operational effectiveness. Keeps abreast of relevant business developments and evolving IT risk areas.
- Leads and/or conducts complex engagements that are designed to assess the organization’s information technology (IT) risk exposure and recommend any needed enhancements to IT business systems, processes, and controls.
- Participate in integrated financial and operational audits to evaluate automated application controls, critical system functionality, and other IT related areas of risk.
- Contributes ideas and opinions to the GRC team by identifying relevant automated controls to include in an audit scope, designing audit programs/procedures to assess their adequacy, and assisting financial/operational auditors in applying IT audit principles and concepts.
- Provide support to other audit teams for audits and consulting engagements for Oracle EBS, Sage, QuickBooks, SAP and Microsoft Dynamics application modules on risks and controls related to integrated testing, application controls, preventive controls, detective controls, logical access control and SOD, and configuration setup controls.
- Complete the audit work paper file at each stage of the audit process (from planning and approval of the audit program until the completion of the audit) to ensure progress is tracked. Prepare electronic work papers in TeamMate in line with the department’s standards and review the work of peers.
- Participate in information system testing as needed, whether such testing is intended to evaluate the effectiveness of and controls around existing or newly implemented systems.
- Participate as assigned in the deliberations of Committees working on special IT evaluation, development, or implementation projects.
- Prepares comprehensive, well-written Internal Audit Reports summarizing the review results. Conducts closing meetings and presentation of IT audit results. Prepares audit summaries and reviews audit results with senior IT management providing observations and conclusions as well as identifies and communicates gaps and evaluates management action plans and related reporting.
- Follows up on the status of prior IT audit recommendations to ensure that recommendations are implemented on a timely basis.
- Prepare and deliver weekly/fortnightly/monthly audit reports related to project progress and update Wunderlist.
- Support the GRC department by participating in a variety of projects. Projects may include, but are not limited to, operations audits, infrastructure, network and applications reviews, pre- and post-implementation reviews of new IT systems/applications, and vendor risk assessments.
- Perform all TeamMate and Analyzer system administration, regular upgrades, and migrations to new versions. Ensure that GRC systems have been backed up and data secured.
- Strong knowledge of risk assessment and familiarity with tools and techniques used to provide control and monitoring mechanisms.
- Solid knowledge of IT audit methodologies and control frameworks of IT platforms, processes, systems and controls, including areas such as network security, logical access and change management controls at an infrastructure and application level, databases and systems maintenance
- Proficiency and familiarity with various network architectures, services, systems, applications, development platforms, network/security technologies
- Experience in performing information security assessments
- Proficiency in information security tools to exploit vulnerabilities in networks and applications
- Expert-level TeamMate administration and migration/upgrade
- Knowledge of using the audit management software “TeamMate”
- Expert in writing scripts for ACL, Analyzer, and IDEA software
- Expert in conducting audits of ERPs (Oracle, SAP, Sage)
- Expert in conducting database audits (Oracle, SQL etc.)
- Knowledge of conducting audits of ERP implementations and post-implementation reviews
- Microsoft Office Skills (particularly Excel)
- Strong communication and interpersonal skills
- Leadership and Team Building Skills
- Considerable knowledge of and skill in applying internal auditing and accounting principles and practices, and management principles and preferred business practices.
- Possess detailed technical skills in at least one platform (Linux/Unix/Sybase, Windows NT).
- Knowledge of COBIT, Risk IT, Value IT, ERM and COSO Frameworks
- Knowledge of ITIL Standards and core IT services such as change, problem, incident, and asset management.
- Knowledge of management information systems terminology, concepts, and practices.
- Knowledge of industry program policies, procedures, regulations, and laws.
- Skill in conducting quality control reviews of audit work products.
- Skill in collecting and analyzing complex data, evaluating information and systems, and drawing logical conclusions.
- Considerable skill in planning and project management, and in maintaining composure under pressure while meeting multiple deadlines.
- Skill in negotiating issues and resolving problems.
- Considerable skill in using a computer with word processing, spreadsheet, and other business software to prepare reports, memos, summaries, and analyses.
- Considerable skill in effective verbal and written communications, including active listening skills and skill in presenting findings and recommendations.
- Ability to establish and maintain harmonious working relationships with co-workers, staff and external contacts, and to work effectively in a professional team environment.
- Considerable skill in assessing the effectiveness of internal controls over key IT risks, identifying significant exposures, analyzing transactions and other management information, and detecting changes in key risks and/or control effectiveness. Skill in developing appropriate recommendations to address exposures.
- Knowledge of generally accepted IIA & IS audit standards, statements, and practices, and IS security and control practices.
- Ability to learn new operations quickly and work independently is a must.
Master's / Bachelor's degree in computer science; must have CISA certification; CIA and CISSP are preferable.
About the Company
Ali Zaid Al-Quraishi & Brothers Co Ltd. (AZAQ) was founded in 1958 as a family-owned diversified company. Today, with more than 4,500 employees on its payroll, prolific market activities all over the Kingdom, and long-established associations with several world-class brands and international corporations, AZAQ is a leading business group in the region.
The Group today is firmly based in the marketing and distribution field, representing top brand names in leisure goods, household products, watches, office furniture, telecommunications, electronics, electrical equipment and motor vehicles. It is also involved in manufacturing of electrical products and transformers and switchgears.