- Plan and manage execution of Cyber and Information Security (including Data Privacy) Audit assignments
- Lead and supervise a team of IT Auditors/ Senior IT Auditors on assigned IT audits, in accordance with the agreed approach and the Division’s standards. Directly participate in conducting the end-to-end audit of processes relating to cyber and information security functions, surfacing and raising risk and control concerns.
- Provide a report on the effectiveness/ adequacy of Internal Controls and compliance with the policies and procedures to safeguard the assets of the Bank. Make value-added recommendations to improve/ enhance the Bank’s information security processes and controls. Provide an objective overall risk assessment of the auditee entities in line with approved audit methodology.
- Provide expert advice in assigned areas of specialization for introduction of best practices in risk mitigation and management.
- As an Auditor In-charge, prepare a comprehensive audit plan, and prepare and maintain a risk assessment of each of the process streams within the cyber and information security functions to identify the assignment scope, audit approach and critical audit areas/ processes to focus on and surface key control risks.
- Manage and supervise performance of IT auditors/ Senior IT Auditors on jobs under charge to ensure effective and timely execution of assignments.
- Ensure adequate and effective coverage of all major processes in line with the approved audit plan to identify and raise all important process/ control weaknesses together with suggestions for improvement in line with best practices.
- Discuss and agree with Unit Management the audit risk/ control gaps and opportunities for improvements and obtain management response for resolution/ implementation together with target dates.
- Draft audit reports containing critical risk/ control opportunities, including an objective risk assessment of various processes and overall unit, highlighting critical risk/ control concerns arising from audit.
- Develop action plans and review management action to ensure that items are not closed without appropriate resolution. Track open audit action plans and escalate overdue items to senior level, as appropriate, to ensure their resolution and closure.
- Provide coaching and on the job training to junior auditors to enhance their skills to carry out audits more objectively.
- As a Relationship Manager and Center of Excellence, develop a cordial and professional working relationship with managers and counterparts for the purpose of mutual understanding, easy communication and to obtain their “buy in” on audit findings and suggested opportunities for improvement.
- As an In-house Consultant, conduct reviews or participate in special assignments such as system development/ integration projects and identify risk/ control gaps, and recommend opportunities for improvement in line with best practices.
- Engineering Degree in Computer Science/ Information Technology/ Information Security.
- CISA certification is essential, plus any additional relevant certifications such as CISSP, CISM, CDPSE, CRISC & CSX.
- 10+ years of experience in Information Security & IT Audits, preferably in Big-4 firms or the Banking Industry in a managerial position.
- Working knowledge of Information Security domains, viz. cyber security, information risk management, third-party risk management, vulnerability management and information security governance.
- Exposure to programs involving data privacy regulations across multiple geographies, viz. GDPR, PDPL, PDPO etc.
- Good understanding of cloud-based services, Microservices and API Technology, and of evaluating/ auditing the cloud and digital domain.
- Good communication skills, both oral and written.
- Positive, professional approach with diplomacy and tact.
- Ability to handle multiple assignments with good time management.