Specialist IT, Operations & Information Security Audit

Job Purpose:

Performs Information Technology, Operations, and Information Security audit assignments across the bank, adhering to the highest professional standards to meet audit objectives. Work is performed under supervision, following departmental standards and within agreed time frames. Outputs include review work papers detailing tests performed, results, and conclusions regarding the adequacy and effectiveness of controls. Audit findings must be evidenced by audit points and summaries.

Reports directly to:

Head of IT, Operations & Information Security Audit

Duties and Responsibilities:

Audit Planning:

• Assist the Head of IT, Operations, and Information Security Audit in preparing the annual audit plan.
• Participate in annual risk assessments to identify and evaluate IT, Operations, and Information Security risks and controls.

Conducting Audits:

• Perform IT, Operations, and Information Security audits as per the Internal Audit plan.
• Evaluate risks and internal controls to ensure division’s goals are met and professional standards maintained.
• Plan individual audit assignments in coordination with team leaders to ensure standards are upheld.
• Ensure audit scope covers key risks and aligns with senior management's expectations.
• Discuss audit scope and plan with relevant stakeholders to ensure objectives are met.
• Meet with division management to understand goals, activities, controls, and risks.
• Revise audit programs as needed for efficiency and effectiveness.
• Perform analytical reviews to identify anomalies and assess control effectiveness.
• Define sample sizes based on risk assessments and document audit procedures and findings clearly.
• Communicate audit findings clearly, including root causes and implications.
• Recommend corrective actions to address issues and prevent future problems.
• Maintain confidentiality of information and data security.
• Provide feedback on audit progress and escalate issues as needed.

Reporting:

• Complete and deliver audit reports promptly.
• Present findings with root-cause analysis, risks, and recommendations.
• Discuss draft reports with management and obtain agreement on action plans.
• Follow up on implementation of agreed actions.

Improving Audit Practices:

• Build relationships with bank leaders to identify improvement areas.
• Stay updated on governance, banking regulations, and technological developments.
• Assess emerging risks and adjust audit plans accordingly.

General:

• Assist in implementing the department’s Quality Assurance and Improvement Program.
• Maintain professional relationships within the bank.
• Mentor less experienced staff.
• Perform additional tasks as assigned by management.

Education:

• Bachelor’s Degree in Computer Science, Information Systems, Cyber Security, or related fields.

Professional / Technical Qualifications:

• CISA certification is mandatory.
• Additional certifications like CIA, CISSP, etc., are preferred.

Experience:

• Minimum five years in external or internal audit, with at least three years in banking technology, digital banking, cloud, or cybersecurity.

Other Skills:

• Deep knowledge of current technological trends in banking.
• Specialized knowledge in infrastructure, cybersecurity, digital banking, and cloud architecture.
• Understanding of UAE banking regulations related to IT and security.
• Familiarity with frameworks like COBIT, ITIL, NIST, ISO27001, etc.
• Strong analytical, judgment, and communication skills.
• Good understanding of IT, security controls, and banking processes.