IT - INTERNAL AUDIT SPECIALIST

At EKFC, our Internal Audit team is key to driving business excellence. We're on the lookout for an IT audit professional who can bring specialist skills to assess and enhance our IT systems, controls, and cybersecurity landscape. You'll support assurance and advisory projects, helping us identify and mitigate technology-related risks across the business.

If you're passionate about IT governance, risk, and compliance—and want to make a real impact in a fast-paced environment—this is the role for you.

Key Result Areas:

1. Conduct assurance and advisory assignments across Company using technical and audit skills to produce audit outcomes that enhance internal controls, improve operational efficiency, and ensure compliance with relevant regulations and standards
2. Work with the Internal Audit Managers in scoping the assurance & advisory assignments as well as determine the most effective audit approach to review IT risks and controls across a diverse range of IT environments
3. Collect, validate, analyse data and conduct testing to assess risks and effectiveness of controls in areas including, but not limited to: IT infrastructure, architecture, application systems, IT projects, information/cybersecurity (e.g., network, operating system, cloud, database, security incident response); disaster contingency planning and IT processes.
4. Discuss assurance and advisory outcomes with the appropriate level of management in the business for them to make informed decisions and implement corrective actions.
5. Collaborate with business and IT stakeholders to agree on practical and implementable actions to address risks identified.
6. Draft the assurance and advisory report, follow up on responses and ensure appropriate action is taken to implement agreed actions.
7. Work with IT Audit managers to perform risk assessment and periodic monitoring of the IT risk profile of the Company’s business units.
8. Suggest and implement 'smarter' assurance methods and techniques to optimise resources and effort for subsequent reviews.
9. Document working papers in support of assurance and advisory outcomes in accordance with Information Systems Audit and Control Association and Internal Audit department standards.
10. Follow-up on agreed actions with management to assess satisfactory completion of actions and update action tracker in a timely manner and escalate to Managers / Principals as required.

Job Context:

With the new Corporate ERP and HR system, workflows and other IT solutions within the organization, the requirement for an Internal Audit Specialist with IT background, skillset & expertise is critical to assess and ensure the effectiveness, security, and compliance of the organization’s systems, processes and infrastructure. Further, our technology landscape keeps evolving in most dynamic businesses and require regular evaluation and oversight. With this, IT audits provide critical assurance over functions like change management, system configuration and segregation of duties, data integrity, compliance, risk and security assessment, business continuity and disaster recovery.

Knowledge, Skills & Minimum Experience:

Education and Qualification:

• Bachelor’s degree or Honours (12+3 or equivalent) in a subject relevant to IT (e.g., Computer Science, Software Engineering)
• Professional IT Audit qualification (CISA, CISM, CISSP, etc.)

Work Experience:

• Minimum 5 Years of relevant experience in IT and Cybersecurity
• Experience in auditing / risk management or equivalent exposure in jobs involving review of IT systems, processes, systems and procedures, cyber security, analysis of management information, etc.
• Knowledge of generally accepted auditing standards and common audit procedures and techniques.
• Data Analytics Experience
• Work experience is preferred in Audit Firms, Airlines, Transportation and Logistics, Manufacturing, Retail, F&B and Hospitality

Skills

• Expertise in Firewalls, Intrusion Detection System, Intrusion Prevention System, Routers, Switches, Servers, Databases, and Business Applications
• Hands-on experience with Nessus, Qualys, and Open-Source Vulnerability Assessment and Penetration Testing tools; strong understanding of Common Vulnerabilities and Exposures, Common Vulnerability Scoring System scoring, and exploitability assessment
• Proficiency in Computer-Assisted Audit Techniques (Tableau, PowerBI, MicroStrategy), SQL-based data mining, and Extract, Transform and Load tools like Informatica PowerCenter
• Strong grasp of Windows/Linux fundamentals, automation via PowerShell, Bash scripting, Python basics
• Knowledge of Development, Security, and Operations, Server provisioning, Containerization, and Secure Cloud Deployments
• Familiarity with ISO 31000, CIS benchmarks, NIST, UAE Information Assurance/ Information Security Regulation frameworks, and IT risk assessment methodologies
• Understanding of secure coding practices, JIRA, Azure Pipelines, and Continuous Integration and Continuous Deployment security integration
• Experience in IT Quality Management, security KPIs, and compliance reporting