Ibrahim AlFaifi

Head Of Internal Audit at Ministry Of Labor And Social Development - Saudi Arabia

• Saudi Arabia - Riyadh
• My current job since October 2019

Managing Internal Audit function

IT Audit Director at Al Rajhi Bank

• Saudi Arabia - Riyadh
• April 2018 to September 2019

Managing IT Audit department.

IT Audit Manager at Al Rajhi Bank

• Saudi Arabia - Riyadh
• March 2015 to March 2018

IT Auditor at Communications and Information Technology Commission

• Saudi Arabia
• June 2014 to March 2015

IT Auditor at Public Pension Agency

• Saudi Arabia - Riyadh
• May 2012 to May 2014

* Responsible for implementing and handling the IT Audit function in the PPA. Prepare and establish the IT Audit Methodology that covers Planning, Fieldwork and Reporting. Also, preparing all documents and templates required to perform the work such as: Annual Planning (as per Risk Based Methodology), Audit Program, Audit Report.

* Provide consultancy to the Business Continuity Committee and Information Security Committee.

* Performing some audit engagements such as IT Quality Audit, IT Management Structure Audit, Pension & Investment Applications Audit and evaluating the level of compliance with the ISO27001 requirements.

* Secretary of the PPA’s Audit Committee, and responsible for arranging the quarterly meeting, prepare the Quarterly Audit Report, and Audit Committee Report and recommendations.

* Supervision the IT External Audit activities.

Senior IT Auditor at Al Rajhi Bank

• Saudi Arabia - Riyadh
• May 2011 to May 2012

* Oversee the issuance and presentation of audit reports, observations, and other deliverables.

* Conduct risk assessment for the respective audit area with the related teams.

* Prepare and review audit program for respective audit area.

* Conduct opening meeting with clients before the start of the audit and conduct exit meeting with clients during finalization of audit report.

* Conduct discussion with clients during the course of the audit for any clarifications, for expediting the audit etc.

* Issue and discuss the audit report with the Head on IT Audit Department and related Audit areas.

* Monitor the progress and the status of the audit assignment against the agreed plan and also meet audit team in a regular basis and guide them.

Internal Auditor at Riyad Bank

• Saudi Arabia - Riyadh
• August 2009 to May 2011

Examining, reviewing and evaluating IT related controls. This includes reviewing the following:
Physical Security controls to ensure that only authorized personnel are allowed to access a facility, resource, or information.
Logical Access to ensure that access is granted based on business need and make sure that user access review are performed in regular basis based on the criticality of the system and also based on Business Impact Analysis (BIA).
Change management processes/procedures to ensure that changes are authorized and they meet business requirements.
Source code/version control procedures to ensure the integrity of the program code.
SDLC process and procedure to ensure that IT projects are effectively managed.
Problem/Incident management procedure to ensure that operational processing errors/incidents are addressed and also to make sure that first line support are working effectively
Hardware/software configuration, installation and testing to ensure they have been configured & installed based on the standards.
BCP, BRP and backup to ensure the business continuity incase of any disaster.
Agreements e.g. SLAs, Escrow agreements and Non-Disclosure agreements (confidentiality agreements) to ensure they are in place.
KPIs / KRIs are identified and documented to ensure the success of the particular activities ant