Israr Ul Haque, IT & Security Auditor

Dubai Financial Market

Location: United Arab Emirates - Dubai
Education: Bachelor's degree, Electronics
Experience: 14 years, 3 Months

Work Experience

Total years of experience: 14 years, 3 Months

IT & Security Auditor at Dubai Financial Market
  • United Arab Emirates - Dubai
  • My current job since May 2023

• Develop and execute comprehensive IT audit plans, considering risk assessments and compliance requirements.
• Assess the effectiveness and efficiency of IT controls, including general IT controls and application controls.
• Conduct IT audits across various systems, databases, and technologies to identify vulnerabilities and potential risks.
• Evaluate IT processes, policies, and procedures to ensure they are aligned with business objectives and regulatory standards.
• Ensure compliance with relevant data protection laws, industry standards (e.g., ISO 27001), and internal security policies.
• Prepare and present audit findings, risk assessments, and security reports to senior management and relevant stakeholders.
• Communicate complex technical concepts in a clear and understandable manner to non-technical audiences.
• Provide recommendations for improving IT controls, security measures, and risk management strategies.
• Manage a team of IT auditors and security professionals, providing guidance, support, and performance feedback.
• Foster a culture of continuous learning and professional development within the team.

Information System and Security Auditor at Ajman Bank
  • United Arab Emirates - Ajman
  • November 2020 to May 2023

• Independently plan and conduct moderately complex technical IT audits with specific focus on in-house and third-party developed applications/systems, infrastructure, and processes.
• Evaluate key IT & information security risks across the enterprise, plan IT and security audits, and define and document audit scope. Work with other Tech Audit team members on all audits as required.
• Perform IT Governance, Network Security, Cyber & Information Security, Digital Banking, Business Continuity, and numerous Application/System audits.
• Document and Report findings & recommendations in an audit report in a concise easily understood manner to relevant parties, with supporting documentation and evidence to back up the findings.
• Ensure that audits are completed in an effective, efficient, and timely manner in accordance with established standards, industry best practices and relevant regulatory requirements
• Follow up on closure of O/S Audit Issues on prior audit business units twice per annum, review and validate closure evidence and provide status data on Open/Closed issues to CIA as required.
• Ensure proper performance and quality of documentation during the audits. Build trust and credibility with stakeholders through objective and sustainable engagements and where appropriate, provide constructive challenge to improve or enhance internal controls.
• Participate in the audit team assignments and special reviews (when required by regulators, business lines, or senior management).

Information Security Manager at Abu Dhabi Cooperative Society
  • United Arab Emirates - Abu Dhabi
  • October 2019 to September 2020

• Performing Risk Assessments and categorization of the risks
• Work with external and internal auditors and follow-up agreed action plans
• Participate in the elaboration and follow-up of the department budget
• Carry out periodic information security audits
• Manage PCI DSS project implementation
• Organize internal and external VAPT exercise on periodic basis
• Perform periodic vulnerability assessment of system and network devices

Deputy Manager Information Security at Habib Bank AG Zurich
  • United Arab Emirates - Dubai
  • June 2018 to September 2019

• Perform Information Security risk assessment of 3rd party applications
• Perform Information Security risk assessment of internal systems and applications
• Develop and publish Information Security awareness messages
• Comply with the numerous regulatory requirements of NESA, HKMA, FINMA, PRA, etc.
• Review security advisories
• ICS control review on periodic basis
• Develop Information Security Guideline
• Develop and Implement Cyber & Information Security Risk Assessment Framework

Cyber and Information Security Analyst at Riyad Bank
  • Saudi Arabia - Riyadh
  • June 2016 to June 2018

• Information Security Risk Assessment of different applications and systems in scope of PCI DSS v3.2 and ISO 27001
• Information security risk assessment of new digital banking products
• Establish, update and review Information Security policies, standards, procedures and guidelines including those related to PCI DSS and ISO 27001 standards
• Implementing Target Operating Model at Enterprise level
• Administrative support of MetricStream GRC product in Riyad Bank
• Establish Risk Register of banking applications through GRC system
• Advise on numerous information security solutions
• Establish Information Security KRI and KPI framework
• Measuring Information Security department KRIs
• Measuring KPI in scope of ISMS by GRC System
• Work for continuous improvement in ISMS program.
• Validate information security audit observations
• Implement ISMS program in Riyad Bank.
• Internal Control testing of Information Security department
• Ensure corrective and preventive measure on timely basis of ISMS program

IT Auditor at WorkForce Software
  • Pakistan - Karachi
  • December 2014 to May 2016

• Audit of Oracle & SQL Database access Control.
• Audit of Active Directory of different (SaaS) environment through AD Manager Plus.
• Backups Audit of Oracle & SQL of different (SaaS) environments.
• Review of Patch Deployment on monthly basis.
• Supports information security awareness through assisting in development of training materials, facilitating orientations and drafting written communications.
• Annual review of Service Organization Controls (SOC 2 Type 1/2)

Information Security Officer at Dubai Islamic Bank
  • Pakistan - Karachi
  • July 2011 to December 2014

• Ensure that monthly, semi-annual and annual application inspections are conducted accurately and in a timely manner.
• Ensure that all requests are properly authorized and approved by the application or business owner prior to committing the change
• Administer the security of the Bank’s systems in accordance with Security Administration Procedures.
• Identifying Key Risk Indicators (KRI) of Information System.
• Creation of Risk Control Self-Assessment (RCSA) Matrix - INFORMATION TECHNOLOGY
• Creation of IT ICFR (Internal Control of Financial Report) on the requirement of SBP
• Conduct a DR drill with maximum load every year and create a report.
• Concept of network security through Firewalls, IDS, NAT, Proxy Server, DMZ, VPN & Honeypots
• Network security & vulnerability management for various Businesses and IT applications using Tenable Nessus.
• Identify and improve security processes and controls. Assist in implementing these improvements. Provide remediation support for deficiencies.
• Provide detailed technical information security advice and guidance to the support teams within the IT units
• Responsible for configuration management involving strict adherence to change management process
• Establish and manage relevant SLAs with IT suppliers and ensure operational contracts are in place

Information Security Administrator at RBS Bank
  • Pakistan - Karachi
  • October 2007 to April 2009

• Creation of new accounts and resetting passwords for the bank's different applications and systems.
• Access Control Administration (including process doc, resolution of all access requests and periodic reviews of User profiles / access rights).
• Establish, communicate and maintain information security policies that support the security strategy. Assist in identifying, prioritizing and resolving vulnerabilities in time.
• Prepare security administration related documentation.


Achievements
Was an essential part of two big integrations:
Integration 2007 - 2008 of Prime Bank with ABN AMRO Bank.
Integration 2008 - 2009 of ABN AMRO Bank with RBS Bank.

Education

Bachelor's degree, Electronics
  • at Sirsyed University of Engineering
  • September 2007

Specialties & Skills

Access Control
Information System Audit
Application Testing
IS Governance
Information Security Policy
Information Security
Information Security Audit
Risk assessment
Information Security Governance
ISO27001

Languages

  • English: Intermediate
  • Urdu: Expert

Training and Certifications

  • CISM (Certificate). Date Attended: May 2022. Valid Until: March 2026.
  • CRISC (Certificate). Date Attended: April 2021.
  • MCTS in Windows Server 2008, Server Administrator (Certificate)
  • COBIT5 Foundation (Certificate). Date Attended: October 2015. Valid Until: October 2018.
  • ISO 27001 ISMS Lead Implementer (Certificate). Date Attended: September 2015. Valid Until: September 2020.
  • CISA (Certificate). Date Attended: June 2019. Valid Until: December 2020.

Hobbies

  • Traveling