Job Purpose:
Performs Information Technology, Operations and Information Security audit assignments across the bank in a manner that conforms to the highest professional standards to meet the audit objectives. Work will be performed under supervision, according to departmental standards and within agreed time frames. Outputs are represented by review work papers, detailing tests performed, results and conclusions in relation to adequacy and effectiveness of controls of specific areas under examination. Audit findings will have to be evidenced by audit points and summaries.
Reports directly to:
Head of IT, Operations & Information Security Audit
Audit Planning:
- Assists the Head of IT, Operations, and Information Security Audit in preparing the annual audit plan for the year.
- Participates in the annual risk assessment covering the identification and assessment of IT, Operations and Information Security risks and associated controls.
Conducting Audits:
- Conducts Information Technology, Operational and Information Security audit assignments as per Internal Audit plan.
- Evaluates IT, IS and operational risks and internal control processes to ensure the division’s mandate and business goals are met and that professional standards are always maintained.
- Plans individual IT, Operations and IS audit assignments in coordination with and under supervision of the team leaders to ensure professional standards are maintained.
- Assesses that the audit plan sufficiently covers the scope, addresses key risks and considers expectations of Senior Management.
- Discusses the audit scope and audit plan with Head of IT, Operations, and Information Security Audit to ensure that approved audit objectives are met and adequate coverage is achieved.
- Engages with division’s management to understand goals, main business activities, IT controls & risks, and any changes in internal controls or business environment.
- Provides input for revision of audit programs/review approach to achieve objectives more effectively and efficiently.
- Performs analytical reviews: identifies the purpose of the test and the source of data, ensures accuracy and completeness, inquires about anomalies or trends, and concludes on control effectiveness.
- Determines sample size and method based on risks identified and controls assessed, documenting each audit test.
- Performs audit testing procedures to assess the adequacy and effectiveness of internal controls.
- Prepares audit testing working papers with objectives, source of data, population, sample size, audit procedures, and findings.
- Communicates audit findings clearly, highlighting root causes and implications.
- Recommends corrective actions and improvements to address root causes and prevent future issues.
- Maintains confidentiality of information and ensures data is not shared with unrelated staff.
- Provides continuous feedback to Audit Management regarding progress, obstacles, and issues requiring management intervention.
Reporting:
- Ensures timely completion and prompt reporting of audit assignments to the Head of IT, Operations & Information Security Audit.
- Prepares draft audit reports with root‑cause analysis, identification of actual and potential risks, and logical recommendations.
- Shares draft audit reports with the division, discusses observations, and agrees on action plans with target dates.
- Discusses draft reports with Team Leaders and the Head of IT, Operations & Information Security Audit prior to preparing the final draft for HIA.
- Follows up continuously with each division on agreed audit action plans and ensures they are resolved on time.
Improving the Practice of Audits:
- Builds relationships with leaders across the bank to understand issues and identify areas for improvement.
- Keeps abreast of developments in Corporate Governance practices and advises the business accordingly.
- Stays up to date with improvements and current developments in the banking environment, IT and IS frameworks, risk management standards, and regulations.
- Reviews technological trends and emerging risks, assessing impact on the organization and recommending adjustments to the audit plan based on changing IT controls, risk posture or business priority.
General:
- Assists in implementing the department’s QAIP to ensure a high level of efficiency and effectiveness.
- Maintains a positive professional relationship with the auditee, line management, colleagues, Head of Internal Audit and other staff to complete audit work effectively.
- Assists less experienced staff with becoming familiar with the IT Audit environment.
- Performs other special assignments, investigations, policy reviews, and administrative assignments as requested by Audit Management.
- Completes work assignments independently as part of a team project within time budgets and schedules.
- Performs any other duties or responsibilities consistent with the role as assigned by management.
Education
- Bachelor’s Degree in a relevant field (e.g., Computer Science, Information Systems Engineering, Cyber Security) from a recognized institution.
Professional / Technical Qualifications / Diplomas
- CISA certification is mandatory.
- Other certifications such as CIA, CISSP, CDPSE, CRISC, CCAK, etc. are preferred.
Experience
- At least five years’ experience in external audit, internal audit or related activities, including a minimum of three years of banking audit experience in technology, digital banking, cloud architecture, cybersecurity, etc.
Other Skills Required for the Job
- In-depth knowledge of current technological developments/trends in the area of expertise, particularly digitalization in the banking industry.
- Specialized knowledge in Enterprise Infrastructure, Cybersecurity, Software Development tools/models, Digital Banking, Cloud Architecture, and auditing banking business applications.
- Knowledge of UAE banking regulatory requirements with regards to Information Technology, Information Security and Cyber Security.
- Reasonable understanding of best practices such as COBIT, ITIL, NIST, ISO 27001, PCI DSS and NESA.
- High degree of analytical, reasoning/judgmental skills.
- Excellent communication (writing & verbal) and time‑management skills.
- Good knowledge of Information Technology and Information Security frameworks, controls, and standards (international and national).
- Good knowledge of Accounting, Business Operations, Information Technology Operations, and processes.