Head Of Internal Audit
Ministry Of Labor And Social Development - Saudi Arabia
Total years of experience: 14 years, 9 months
Managing Internal Audit function
Managing IT Audit department.
* Responsible for implementing and handling the IT Audit function in the PPA. Prepare and establish the IT Audit Methodology that covers Planning, Fieldwork and Reporting. Also prepare all documents and templates required to perform the work, such as Annual Planning (as per Risk Based Methodology), Audit Program and Audit Report.
* Provide consultancy to the Business Continuity Committee and Information Security Committee.
* Perform some audit engagements such as IT Quality Audit, IT Management Structure Audit, Pension & Investment Applications Audit, and evaluating the level of compliance with the ISO27001 requirements.
* Secretary of the PPA’s Audit Committee, responsible for arranging the quarterly meeting and preparing the Quarterly Audit Report and the Audit Committee Report and recommendations.
* Supervise the IT External Audit activities.
* Oversee the issuance and presentation of audit reports, observations, and other deliverables.
* Conduct risk assessment for the respective audit area with the related teams.
* Prepare and review audit program for respective audit area.
* Conduct opening meeting with clients before the start of the audit and conduct exit meeting with clients during finalization of audit report.
* Conduct discussions with clients during the course of the audit for any clarifications, to expedite the audit, etc.
* Issue and discuss the audit report with the Head of IT Audit Department and related Audit areas.
* Monitor the progress and status of the audit assignment against the agreed plan, and meet the audit team on a regular basis to guide them.
Examining, reviewing and evaluating IT-related controls. This includes reviewing the following:
* Physical Security controls to ensure that only authorized personnel are allowed to access a facility, resource, or information.
* Logical Access to ensure that access is granted based on business need and that user access reviews are performed on a regular basis, based on the criticality of the system and on the Business Impact Analysis (BIA).
* Change management processes/procedures to ensure that changes are authorized and that they meet business requirements.
* Source code/version control procedures to ensure the integrity of the program code.
* SDLC process and procedure to ensure that IT projects are effectively managed.
* Problem/Incident management procedure to ensure that operational processing errors/incidents are addressed and that first-line support is working effectively.
* Hardware/software configuration, installation and testing to ensure they have been configured and installed based on the standards.
* BCP, BRP and backup to ensure business continuity in case of any disaster.
* Agreements, e.g. SLAs, Escrow agreements and Non-Disclosure agreements (confidentiality agreements), to ensure they are in place.
* KPIs / KRIs are identified and documented to ensure the success of the particular activities ant
MBA candidate with honor degree.