Sr IT Auditor
Al Majdouie Group of Companies
Total years of experience: 21 years, 1 month
Plan and develop risk-based audit programs for IT Operation, IT Application Support and Development, IT Governance based on Organizational and Management Practices, Personnel Practices, Data Security Practices, Information Integrity Practices, Software Integrity Practices, Incident Response Practices, Network Protection Practices, Disaster Recovery and Business Continuity etc.
Identify processes, develop audit objectives, prepare the risk assessment and audit schedules for each audit assignment.
Performs audit procedures, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting client processes and procedures.
Identifies, develops, and documents audit issues and recommendations using independent judgment concerning areas being reviewed.
Supervises and directs the work of the internal audit team through constant coordination and monitoring of work in progress.
Communicates or assists in communicating the results of audit and consulting projects to management.
Lead and give guidance to the internal audit team throughout all audit assignments, such as Risk Based Audits (RBA) and follow-ups, and ensure governance and compliance are controlled and met.
Plan and Manage risk-based audit programs for IT Operation, IT Application Support and Development, IT Governance based on Organizational and Management Practices, Personnel Practices, Data Security Practices, Information Integrity Practices, Software Integrity Practices, Incident Response Practices, Network Protection Practices, Disaster Recovery and Business Continuity etc.
Use knowledge of the current IT security environment and industry trends to: identify issues, assess the impact, develop effective solutions and communicate this to the audit teams and clients through written correspondence and verbal presentations.
Supervise, coach and train staff auditors during planning, field work and reporting phases of audits.
Review Audit reports and division's reply to audit observations/recommendations and appraise adequacy of corrective actions proposed in a timely manner.
Plan and conduct Audit opening and Closure meetings.
• Perform and lead assigned audits, including Network Security, System Implementation, Disaster Recovery, and IT General Controls by interviewing, reviewing, documenting, evaluating, and testing ERP systems, operating systems, databases, applications, and other infrastructure controls.
• Use knowledge of the current IT security environment and industry trends to: identify issues, assess the impact, develop effective solutions and communicate this to the audit team and client management through written correspondence and verbal presentations.
• Plan and develop risk-based audit programs for Network Security Reviews, System Implementations, IT Policy Compliance, Disaster Recovery and Business Continuity etc.
• Administrative activities of TeamMate Audit Management system.
• Ensure that working papers evidence the audit work performed and document findings for the audit team using TeamMate EWP Audit Management System.
• Supervise, coach and train staff auditors during planning, field work and reporting phases of audits.
• Discuss audit findings with division IT Director and/or other management - responsible official of organization during and at the completion of audit.
• Draft written audit reports to management stating findings and recommendations in regard to systems, procedures, internal controls and other appropriate matters.
• Review division's reply to audit observations/recommendations and appraise adequacy of corrective actions proposed in a timely manner.
• Liaise with IT management to plan and implement various activities and special projects.
• Identify IT risks and independently evaluate the efficiency and effectiveness of information technology infrastructure and application controls, including security and internal controls.
• Identify and evaluate IT risk area and provide key input to the development of the annual Audit Plan.
• Follow the audit procedures to identify and define issues, develop audit criteria, review and analyze evidence, and document processes and procedures.
• Conduct interviews, review documents, develop and administer surveys, compose summary memos, and prepare working papers.
• Identify and document audit issues and recommendations using independent judgment concerning areas being reviewed.
• Communicate or assist in communicating the results of audit and consulting projects via written reports and face to face presentations to management.
• Plan and execute IS audits, evaluate IT internal controls, and work collaboratively with management to identify actions needed.
• Conduct data analysis and security reviews.
• Act as liaison with IT business partners to ensure full understanding of data flow, data integrity, and system security.
• Assess IT control elements to mitigate risks regarding the Confidentiality, Integrity, and Availability of business information.
• Maintain all organizational and professional ethical standards and ensure all internal audit activities carried out or supervised are in compliance with ISO 27001:2005 ISMS specification and ISACA (Information Systems Audit and Control Association) Standards.
• Conduct consulting engagements related to information and network security, business continuity and disaster recovery based on best practices of each area.
• Assist in providing day to day guidance to other Internal Audit staff in relation to IT related audits and other audit-related issues.
• Represent internal audit at project team meetings, at management meetings, and meetings with external organizations.
Managing a team of 6 SQAs & many P-SQAs.
Planning & assigning tasks & responsibilities to team members based on requirements, and monitoring & tracking the same.
Create status reports & report the same to higher management.
Prepare, own & track the Software Quality Assurance (SQA) Plans for projects
Proactively alert the project team and senior management to handle issues with respect to process and quality.
Conduct software release readiness review for product release of programs/ products at a component level
Computer Science Engineer