Senior Internal Auditor

Roles and responsibilities

To support the planning and lead execution of engagements of the internal audit plan and therefore evaluate and conclude on the adequacy, effectiveness and efficiency of business and technology internal controls, as well as recommending corrective actions, in adherence to the relevant frameworks and best practices.

Responsibilities

• Lead the execution of audit engagements with keen focus on information and other technology controls in line with the annual Internal Audit plan and ensuring comprehensive coverage of key internal control risk areas.
• Ensure timely delivery and quality of each audit engagement phase, aligned with the Internal Audit methodology, policies and processes and engagement plan(s).
• Coordinate and communicate with the Head of Internal Audit in a timely manner therefore ensuring relevant / material issues are escalated and resolved in a timely manner.
• Manage day-to-day relationships with co-sourcing partners to coordinate the execution of the engagement and to ensure delivery of defined, cost effective and high-quality audit services to support the engagement.
• Develop audit reports, and review and deliver draft internal reports developed by the audit engagement team to ensure they are clear and concise, focus on the areas of greatest risk, and provide recommendations.
• Monitor and report on the implementation of agreed action plans developed in order to ensure identified risks are mitigated effectively within the set timeframes.
• Contribute towards the development of the Internal Audit manuals
• Assist the Head of Internal Audit with the coordination and facilitation of the Internal Audit Plan and preparation of Audit Committee papers and presentation material.
  
  

Please note that based on business requirements, additional responsibilities may be assigned by the manager as deemed necessary

• Sound understanding of Global Internal Audit Standards (GIAS) 2024 issued by Institute of Internal Audit.
• Sound understanding of ADAA Law 19, resolution no. 89.
• Strong skills in performing objective centric risk based internal audits.
• Good understanding of corporate business processes such as finance, HR, business continuity, risk management etc. and technical (IT Solutions and InfoSec) processes.
• IT controls around technical environments including evaluation of risk-based controls across functional IT areas including SDLC, networks, firewalls, vulnerability management, systems development, information security, database management and project management.
• Familiarity with infrastructure related to systems including Windows, Linux and VM environments, and of Oracle and SQL databases.
• Leads analysis of control deficiencies expansion and refinement of documentation for complex control deficiencies to drive actionable business impact, influences management on the sufficiency of correctives actions, recommends audit rating.
• Exercises judgment and critical thinking to influence business partners
• Specific skills required for the below areas.

Desired candidate profile

• Assess the effectiveness of the software development lifecycle (SDLC) processes, from requirements gathering to deployment and maintenance.
• Review change management procedures to ensure proper authorization and testing of changes.
• Evaluate the security of the software development environment and identify potential vulnerabilities.
  
  

Information Security

• Assess the effectiveness of Information security policies, procedures, and controls.
• Knowledge of leading information security frameworks such as ISO 27001 and NIST
• Review incident response procedures and assess the company's preparedness for security breaches.
  
  

Oracle

• Evaluate and provide assurance on oracle business modules including configurable controls, IT general controls and segregation of duties.
  
  

Soft Skills

• Ambitious, ‘hands on’ and pragmatic.
• Professional skepticism: not taking things for granted and has the ability to question current methods and procedures and to adapt or generate innovative and new ideas.
• Analytical thinking: has the ability to tackle issues and problems in a logical, systematic way and keeps an eye on the bigger picture.
• Teamwork and co-operation: Strong team player who builds up effective, co-operative relationships with others.
• Result focused: is able to complete tasks within set timeframes and maintains focused on the result.
• Communication skills: communicates and reports in clear and unequivocal terms.
• Initiative and pro-activity: anticipates problems and seizes opportunities without waiting to be told.
• Concern for accuracy: ensures accuracy and quality in work delivered.
• Conceptual thinking: has the ability to identify patterns or connections between situations and to identify key or underlying issues in complex situations.
• Interpersonal skills: actively listens to managers’ needs, is direct an assertive, has the ability to convince, to gain the acceptance and commitment of Business Managers with regard to advice on adding value; deals with conflicts of interest (controller/adviser).
  
  

Qualifications

• 8 to 10 years of experience in internal audit with a focus on IT, preferably in telecommunication or technology environment. Big4 experience is a must.
• At least a Bachelor's degree in Information Systems, Computer Science, or a related field.
• A recognized certification such as CIA, CISA, CISM, CISSP or equivalent is required.
• Knowledge of AI governance, and AI systems auditing is a plus.
• Fluency in English (in both spoken and written communication)