Senior Internal IT Auditor
  • United Arab Emirates Abu Dhabi
  • MCG Talent
31.01.2024
Securely Provision
Risk Management
Job Description

Senior Internal Auditor

Abu Dhabi


We are seeking a highly skilled Senior Internal Auditor to play a vital role in delivering the internal audit plan by conducting performance, operational, IT, and compliance audit engagements. You will provide consulting services on various aspects related to IT governance, IT risk management, IT security, information security, and IT business continuity to the organization's management and staff. Your expertise in audit planning, risk assessment, and control evaluation will contribute to the development of the annual internal audit plan and drive improvements within the organization.


Responsibilities:


Conduct comprehensive planning and gather necessary information before initiating audit assignments.
Deliver assurance and consultancy services related to IT, IT security, information security, and IT business continuity.
Develop risk and control matrices and design audit programs to assess control effectiveness.
Conduct interviews, review documents, administer surveys, and assist with investigations.
Support the audit team in data extraction, cleansing, and analysis.
Plan, monitor, and report on Continuous Controls Monitoring activities.
Administer Audit Management and data analytics tools, providing technical support.
Identify audit issues, develop recommendations for improvement, and compile audit findings into reports.
Review audit working papers and activities assigned to the Audit Lead.
Assist in the development and update of the audit plan, analyze risk profiles, and update risk assessments.


Requirements:


Bachelor's degree in Accounting, Finance, Information Technology, or a related field (Master's degree preferred).
Professional certification such as CIA, CISA, CISSP, or equivalent.
Proven experience in conducting internal audits, preferably in IT-related areas.
Strong understanding of audit planning, risk assessment, and control evaluation.
Knowledge of IT governance, IT risk management, IT security, information security, and IT business continuity.
Familiarity with audit methodologies and best practices.
Proficiency in data analysis tools and techniques.
Excellent analytical, problem-solving, and communication skills.
Ability to work collaboratively with diverse stakeholders.
High ethical standards and commitment to maintaining confidentiality.
Strong attention to detail and organizational skills.
Flexibility to adapt to changes in priorities and assignments.



Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
  • K0066   Knowledge of Privacy Impact Assessments.
  • K0154   Knowledge of supply chain risk management standards, processes, and practices.
  • K0263   Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • K0214   Knowledge of the Risk Management Framework Assessment Methodology.
  • K0264   Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).

Required Skills
  • S0137   Skill in conducting application vulnerability assessments.
  • S0141   Skill in assessing security systems designs.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0171   Skill in performing impact/risk assessments.
  • S0271   Skill in reviewing and editing assessment products.

Required Abilities
  • A0118  Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
  • A0023  Ability to design valid and reliable assessments.
  • A0026  Ability to analyze test data.