IT Audit Manager
Bank Of Khartoum
Total des années d'expérience :4 years, 9 Mois
• Leading the IT audit team in the various audit tasks to Identify root cause and opportunities for improvement of internal controls and acquire consensus on remediation plan with key business partners.
• Developing and drafting of the report, discussion with management to ensure factual accuracy and concurrence and coordination with Management to obtain written responses to Audit's recommendations; Introducing and follow-up of the audit's findings with the upper-management and top executives.
• Leading Internal IT audit risk's assessments and following the enterprise IT Audit plan.
• Leading technical assessments and technical of the different information systems from core banking, mobile banking applications, CRM systems besides the supporting infrastructure and network.
• Leading internal & overseas subsidiaries IT audit projects and against external regulations such as UAE-NESA, SWIFT-CSP, etc.
Responsible for leading various Audit projects for the bank internal related IT assets in addition to guiding and leading follow assistant auditors in the various tasks.
Developing, presenting and finalizing audit reports. This process entails initial drafting of the report, discussion with management to ensure factual accuracy and concurrence and coordination with Management to obtain written responses to Audit's recommendations. Introducing and follow-up of the audit's findings with the upper-managment in techno-business approach. Leading and conducting Internal IT audit risk's assessments and followingly the enterprise IT Audit plan. Leading and conducting technical assessments and technical of the different information systems from core banking, mobile banking applications, CRM systems besides the supporting infrastructure and network. Introduced an independent 'Cyber Security Assessment Program' within the Internal Audit department. Execution of the different audit program such as the ISMS Framework and ensure it's compliance with the different standards such as ISO 27001 and PCI-DSS.
Provide security consultancies for major projects of 70% of the banking and financial industry.
Perform security assessments, (Vulnerability scans & Penetration testing).
Configure and troubleshoot UTM's from different vendors "Fortinet, Rohde & Schwarz / GateProtect".
Configuring and troubleshooting Mail security appliances “FortiMail, based on physical appliances and
virtualized environment, Web security appliances “FortiWeb” and various Fortinet Appliances such as
FortiSIEM, FortiVoice, etc…
Responsible to conducting Information Security training and supervising the implementation of the
different security measures for various number of clients, provide solution for different migration and
critical incidents for the various systems.
Lead Major Deployment of FortiSIEM and all the SIEM's projects aspects
- Lead different information security projects such as penetration testing for "E-Commerce" applications, compliance process for the related systems.
Designing and implementation of different solutions such as Enterprise-level VOIP systems, public hotspot
management solution.
Maintaining Data Security and providing alternative fail-over solutions in case of Data-loss incidents.
Configuring and implementing IT services and providing automation solutions in order to keep the
business continuity intact and speed up the management process.
Conducting vulnerability & performance assessment of the whole systems and providing mitigation to the
different issues from point-of-failures to hardware, software, services alternative solutions of the current
system.
Auditing different systems and service logs and troubleshoot possible issues that may affect the business
continuity flow.
Conducted several security assessments on some of the company web-applications and patched some
main security issues such as missing encryption, backup and failover solutions.
Involved in different information security tasks varying from performing vulnerability assessment and
penetration testing of the company network, firewall, and applications security.
Second-Class Degree