Senior Manager Technology Audits

Pre Audit Review

• To hold discussions with the auditee to gain an understanding of the functions being performed and the associated IT systems and processes, in order to develop a focused audit scope.
• Review the IT risk assessment developed by the team in line with the audit scope to ensure that potential vulnerabilities and compensating controls are identified based on associated risk factors, in order to gain an understanding of the overall IT control environment of the function being audited.

Audit Planning and Completion

• Develop the Audit Plan in accordance with the risk assessment criteria defined in the Audit Procedure Manual.
• Execute the Audit Plan by utilizing available resources efficiently.
• Manage stakeholders effectively throughout the audit lifecycle.
• Supervise the preparation of a risk-based work program for the audit engagement.
• Ensure detailed planning of audit assignments, testing, and reporting in alignment with Information Security/IT policies, standards, procedures, practices, and controls, consistent with the Bank’s objectives, international standards, best practices, and control frameworks (ISO/IEC 27001:2013, COBIT, NIST 800-50, and ITIL).
• Ensure audit assignments focus on key risk areas, including design, controls, and security hardening of servers, networks, and security devices, in line with organizational standards, control frameworks, and best practices (CIS, COBIT, ISO 27001, NIST 800-50, PA-DSS, and PCI DSS).
• Oversee the full audit cycle, including control design assessment, operating effectiveness, systems availability and security, and compliance with applicable directives and regulations.
• Report significant findings to senior management in a timely manner, especially those that could adversely affect the Bank’s assets or reputation.

Other Reviews / Tasks

• Ensure a follow-up mechanism is in place for deficiencies reported during past audits.
• Conduct continuous research and learning to gain industry-wide knowledge and best market practices, with the aim of developing new audit techniques and recommending improvements to internal audit systems, reporting, and related processes.
• Carry out special audits or reviews as directed by management.

Internal Relations

• Maintain open and effective communication with management to ensure transparency, alignment on audit objectives, and timely resolution of key issues.

Team Development and Advisory Responsibilities

• Contribute to the professional development of the team by providing guidance on industry best practices related to IT, information security, and cybersecurity.
• Stay up to date with best practices, laws, rules, and regulations impacting financial institutions, and ensure that relevant changes are incorporated into the independent assessment process.
• Advise and guide team leaders and members on risk and compliance policies relevant to their work areas to ensure the business is not exposed to undue risk.

Team Oversight and Collaboration

• Oversee the team's operational workload to ensure that allocated staff are fully utilized and the agreed audit program is achieved efficiently.
• Advise and guide team members on risk and compliance policies relevant to their work areas to ensure the business is not exposed to undue risk.
• Foster a culture of mutual respect within the team and with peers, associates, and supervisors to support collaboration and deliver high-quality outcomes.

Minimum Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent qualification
• Possesses CISA certification or other relevant professional credentials.

Minimum Experience:

• A minimum of 8 years of IT audit or GRC experience, preferably in the banking sector.