Senior Manager IT And Cybersecurity Audit

Job description / Role

Job description

The role is responsible to determine objectives and potential impact of the audit plan arising from changes in technological landscape and regulations. He/she develops an audit plan that complies with relevant auditing standards. He/she manages the implementation of audit plans and activities, as well as investigation of non-compliance and identified risks to determine required changes to structure, policies, processes and behaviors.

He/she reviews audit findings and assesses overall state of IT governance, compliance and risks, including evidences for accuracy and comprehensiveness to support audit conclusions. He/she reviews audit reports for comprehensiveness and adherence to relevant reporting standards and develops recommendations to enhance IT compliance and strengthen controls against emerging risks.

He also provides guidance to team members on the planning and implementation of audits. He works in a dynamic environment due to rapid changes in the IT landscape.

Responsibilities

• Develop an IT & cybersecurity (IT) audit plan that complies with relevant internal auditing standards. At a minimum, these will include:
  
  • Pre and post implementation reviews of system implementations or enhancements
  • IT security audits (e.g., network, operating system and data centers), the evaluation of security vulnerabilities
  • General computing controls and compliance
  • Reviews of IT management policies and procedures such as change management, business continuity planning/disaster recovery and information security to ensure that controls surrounding these processes are adequate
• Develop objectives of IT audit plan arising from changes in technology landscape and regulations
• Review workflows and activities in the IT audit plan to propose enhancements
• Determine approaches, methodologies and tools required to measure compliance and risk of IT assets and technologies
• Manage the implementation of IT audit plans, and evaluate existing audit plans for relevance and changes
• Ensure adherence to IT audit standards and procedures during the conduct of audit activities
• Review audit findings to assess overall state of IT governance, compliance and risks
• Review evidence for accuracy and comprehensiveness to support IT audit conclusions
• Prepare and report results to executives, the Audit Committee and other stakeholder groups as required
• Determine key messages for communication and presentation materials to share IT audit findings and recommendations
• Manage the investigation of non-compliance to IT standards and identified IT risk to determine required changes to structure, policies, processes and behaviors
• Manage follow-up reviews to ensure adequacy and timeliness of corrective actions
• Develop recommendations to enhance IT compliance, address risks and strengthen controls against emerging risks
• Provide inputs to the development of training programs for adoption of new processes and practices designed to mitigate IT risks
• Determine and manage IT audit budget and expenditures for in-house and outsourced audit work
• Work with lead to develop function plans and budgets
• Perform any other duties assigned by line manager related to the nature of the work
• Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations

Qualifications

Preferred qualifications

• A tertiary level qualification from a recognized institution, preferred Bachelor degrees in Finance, Accounting or Computer Science
• Preferred professional certificates: CIA, CISA, CISM, CRISC

Years & nature of experience

Recommended 5 to 7 years of equivalent experience where required competencies and experience has been demonstrated in IT auditing or cyber security auditing. In-depth understanding of IT infrastructure, cloud computing, and data privacy regulations. Ability to perform risk assessments and provide actionable recommendations.

Strong written and verbal communication skills, including the ability to present complex findings to senior executives. Ability to manage multiple projects and teams simultaneously while meeting deadlines.

Technical competencies

• Business acumen
• Technology domain know-how
• Data interpretation and analysis
• Process excellence, quality and controls

Behavioral competencies

• Digital fluency
• Complex problem solving
• Lateral thinking
• Collaboration

About us

D360 Bank is a shariah-compliant digital bank that aims to provide the best financial experience in the Kingdom. Our vision: to reinvent finance through innovation & technology making it convenient, accessible & fair to all.