Senior Audit Manager
Abu Dhabi Education Council (ADEC)
Total years of experience :22 years, 0 Months
• Responsible for setting up IT Audit and Security section from ground up.
• Acted as Subject Matter Expert for IT Division’s ISO27001 certification and received an award.
• Acting as Management Representative (MR) for Internal Audit’s ISO 9001 certification.
• Providing security-related technical leadership and consulting to Internal Audit and IT Divisions.
• Responsible for conducting detailed, risk-based evaluations and compliance of the design and operating effectiveness of Information Technology controls throughout the government entity.
• Act as subject matter expert on Abu Dhabi Accountability Authority (ADAA) methodology and Governance Portal. Helped ADEC achieve 100% compliance on technology component of ADAA’s audit.
• Provide knowledgeable opinion on ADEC’s compliance efforts with information security standards and Abu Dhabi Systems & Information Centre (ADSIC) security requirements.
• Report to top management on the status of the system of internal controls based upon results from compliance review programs, including escalation of issues in non-technical terms.
• Actively managing a team of co-sourced security and audit professionals including scheduling/monitoring of work activities, adherence to quality standards and performance management.
• Managed and supervised a team of 5 auditors and senior auditors to conduct IT security and compliance audits across the Group.
• Responsible for evaluating the adequacy and effectiveness of internal controls in IT governance and management, computerized systems, local area networks, database systems, technical support, systems development and related IT processes.
• Performed in depth assessments against different IT security and governance standards such as COBIT, ISO 27001 etc.
• Provided ad hoc security recommendations to the IT department on different related matters.
• In charge of audit staff coaching, training and performance appraisals.
• Responsible for preparing comprehensive written reports and presentations for senior management to communicate issues, audit results and recommendations for improvement.
• Analysis of clients’ network architectures, reviewed policy and procedure documentation and provided recommendations through technical deliverables.
• Performed security reviews for operating systems (Windows, Unix), databases and applications
• Applied risk management and information security principles, techniques and standards for assessing and implementing information security from an IT governance, process and technology perspective.
• Involved in SOX advisory for SEC registrant subsidiaries. Developed tests of internal controls, assessed control deficiencies and recommended improvements to internal controls.
• Acted as controls specialist for SAP R/3 including designing, testing and implementing internal controls with combination of manual, standard, configurable, security and monitoring.
• Performed ‘Segregation of Duties’ analysis using tools such as VIRSA, CSI etc. and reported the findings to management.
• Delivered lectures on Information System Security covering areas on Application Security, Business Continuity and Disaster Recovery Planning, Cryptography, Information Security and Risk Management, Operations Security and Physical Security.
• Interacted with students and created study material as well as exams
• Managed a cross functional and technical team to produce software solutions of varying complexity (both Web and Windows) using .NET framework that deliver on the requirements, are high quality, and are on time and on budget.
• Designed and implemented complex T-SQL scripts and queries for data extraction as well as to support the data access layer for the applications.
• Provided guidelines to IT management for managing their exposure to an acceptable level
• Worked with business analysts and quality assurance personnel to effectively and securely implement the data warehouse system.
• Performed financial and BI (Business Intelligence) Reporting by MDX queries for database cubes and /or by software tools such as Microsoft Analysis Services, IntelliBrowser etc.