IT & Cybersecurity - Auditor
- Manama, Capital Governorate, Bahrain
- Permanent, Full time
- 09 Dec 2017
The core responsibility of the IT Auditor, within Group Audit, is to plan, execute and manage IT audit assignments in accordance with the Group IT Audit Plan and relevant policies, procedures and quality standards. The job holder is also responsible for the quality of the audit testing and the efficiency and effectiveness of IT audit personnel.
Other responsibilities: Full and continuous support to the Head of Group IT Audit and other auditors of the group in IT systems matters. Involvement in on-going system implementations and system development projects. Perform special reviews, investigations, due diligence reviews and other non-routine assignments at the behest of Management and the Audit Committee.
Dimensions of role (i.e. budgets managed, number of staff):
Financials: Group Audit is a cost center. The Internal Auditor is primarily responsible for ensuring that audit expenses incurred adhere to internal policies and are kept within authorized budgets.
Other: The job holder is responsible for ensuring that the IT audit reviews are conducted according to plan and that the work is performed according to Group Audit methodology. The job holder is also responsible for following up on IT-related issues raised by Group Audit or other external auditors.
Non-Financial (size of team, geographical coverage, time horizon of main decisions, etc.)
Staff: The job holder has no line management responsibilities in Head Office.
- The job holder is primarily responsible for performing audit planning and fieldwork activities, and for identifying, discussing, agreeing and documenting factual findings and issues.
- The Audit team based at the Group Head Office in Bahrain includes the Group Chief Auditor, four Audit Heads, 6 audit professionals, one Audit Support Management and one Executive Assistant.
- Travel abroad may be required occasionally.
Principal Responsibilities, Accountabilities and Deliverables of Role:
- Comply with the Group’s documented standards, policies and procedures, and with Group Audit methodology.
- Provide the HITA with an independent assessment of the adequacy, effectiveness and sustainability of the governance, risk management and control processes across the delegated IT audit engagements.
- Work in partnership with other IT auditors to ensure key Group activities are controlling risks effectively, recommending improvements where appropriate.
- Manage audits within approved budgets, and plan IT audits in a manner which will ensure optimal value-for-money coverage.
- Support the effectiveness and efficiency of the audit process through the use of automated tools and techniques wherever possible.
- The job holder is accountable to the HITA for improving effectiveness of IT audit work programs and ICQs.
- To provide continuous support to all Group Audit staff in terms of system knowledge, technology support, help in obtaining the required information and data from various applications.
- Keep them informed of all on-going system implementation and developments.
- Oversee remediation of issues identified through the audit process, ensuring they are remediated effectively and on a timely basis, particularly those that are deemed to be high risk.
- Ensuring adequate key risks and key controls coverage within each audit engagement.
- Quality assurance over all audit testing and audit issues.
- Liaison and reporting to HITA.
- To evaluate and help to improve the effectiveness of risk management, control and governance processes in each IT area audited.
- To evaluate the extent of compliance with established policies, procedures, control guidelines and generally accepted industry standards and practices.
- To review the adequacy of the Bank’s overall Business Continuity plan supported by IT disaster recovery arrangements. To assess the effectiveness and readiness of backup IT systems to continue supporting the business in the event of loss to main IT facilities.
- To consolidate audit testing exceptions into accurate, objective and comprehensive audit issues so that auditees can comment on the factual accuracy and contribute to define sound mitigating action plans.
- To be involved in Group IT project implementations by attending Project/Steering Committee meetings or by obtaining regular updates.
- To maintain up-to-date knowledge of new technologies and their inherent risks, especially those which are planned to be deployed.
- To undertake special investigations when requested by the Group Chief Auditor or by the HITA and act in a consultative capacity to other areas and departments within the Bank.
- To incorporate improvements to work programs and ICQs to ensure that audit practices incorporate the most current methodologies.
- To assist the HITA to identify medium term IT audit challenges, issues, risks and constraints as well as in the framing of responses and solutions.
Job Context (Circumstances & environment surrounding the job):
The job holder is expected to understand the control, regulatory and risk issues relating to Information Technology so that he/she can converse intelligently with HITA and other staff in the various units that he/she visits. There is a mix of various systems and applications across the units. To perform effective reviews he/she should understand technology and its business effects. The need to assimilate such a wide range of knowledge and skills places considerable demands on the job holder.
The job holder is required to have broader knowledge of IT infrastructure (including technology innovations such as cybersecurity, cloud solutions, fintech, blockchain, virtual currencies, others) and should display familiarity and knowledge of the risks associated with one or more of the following IT processes: application development, change and release management, incident and problem management, software asset management, IT risk management, security management, data management. The job holder should also demonstrate management skills to successfully plan and execute IT audit engagements.
The job holder is also required to have experience in risk-based auditing or risk/controls assurance activity. He/she should have knowledge of the IT controls associated with one or more banking products: e.g. Retail Banking, Treasury, Corporate banking, Marketable securities, Islamic banking products, etc. He/she is required to keep this knowledge up to date through an ongoing process of getting involved in operations audit and self-education, together with the attendance of internal presentations.
He/she is required to keep abreast of professional, technical and policy developments with regard to auditing, banking and IT. He/she is also required to assist HITA and work with other IT auditors in the dispatch of their duties. He/she will often have to operate ‘outside the box’. Where new systems or technology are encountered the job holder must use his/her knowledge and experience to identify key issues and controls and develop work programs on the spot.
There is also a need for occasional travel involving absences from home base (two to three weeks at a time).