Audit Portfolio Manager
Petrofac
Total years of experience: 19 years, 4 months
Audit Portfolio Manager
Petrofac, Sharjah, UAE
June 2016 - Present
Job Profile:
Lead a portfolio of audits identified at the beginning of the year. Accountable for planning, delivery (Scoping, Planning, Execution, Reporting and Closure), monitoring and reporting to the CAE.
Responsible for uploading the Findings to the database of Findings and assigning the relevant owner for each finding.
Responsible for delivering the assigned audit work in line with INA methodology with minimal supervision and providing direct support and where appropriate coaching to the Audit Lead and other team members.
Responsible for developing the Annual IT Audit Programme by identifying risk based audits in areas of expertise/business.
Verifying completion of Agreed Management Actions for Findings.
Support quarterly reporting to Management and the Board (e.g. ExCom and the Audit Committee). This includes updating data, writing sections of reports, developing insights and themes.
Adequately analyzing and documenting all information systems and related controls, and developing an appropriate audit program to test the controls identified.
Preparing draft audit reports in good form, with recommendations, appraisals, or analyses that will assist the key auditee in the discharge of his or her responsibilities.
Evaluating the adequacy of the security and processing controls as they relate to each audit, and the effectiveness of general computer controls in effect in the IT environment.
Monitoring the project status of new systems development, disaster recovery testing, and the organization's business continuity plan, and other activities related to IT processing.
Reviewing the reliability and integrity of the financial and operating information and the means used to identify, measure, classify, and report such information.
Reviewing the means of safeguarding information assets and monitoring of ongoing performance metrics established by the IT and Security Departments
Appraising the economy and efficiency of how resources are employed.
Reviewing operations and programs to determine if results are consistent with department goals and objectives.
Preparing audit workpapers according to established department guidelines and industry standards.
Providing assistance and guidance to the outside SME auditors to ensure a timely and efficient completion of the audit.
Providing assistance to the Head of Internal Audit and the other Senior Audit Manager on special projects and assignments.
Presenting audit findings or other relevant information to Senior Management and/or the Audit Committee on the effectiveness and adequacy of risk management, governance, and internal control procedures.
Developing and maintaining effective interpersonal relationships with IT, business and management
Responsible for Technology and vendor evaluation and assessments and timely closure of all issues identified
Responsible for Quarterly Data Center and IT process audits as part of ISO27001 Audit preparations.
Responsible for development and management of the Archer eGRC application modules and templates.
Applying regular content update and upgrades to latest versions of Archer eGRC
End-user awareness / Training in Information security.
Responsible for Policy, Standards and Baseline updates and reviews.
Providing support and assistance in internal and external ISO27001 surveillance audits
Advising CISO on information security technologies and related regulatory issues
Achievements:
Awarded best performer award for my continuous efforts and process improvements
Received SISA Champion award for excellent performance during the CPISI workshop and awarded CPISI certificate
Identify areas of risk; Assess control environment, Key Risk indicators and the Change control mechanism for assigned processes or functions of the company
• Work with various internal departments and become familiar with the overall business strategy to effectively execute each risk & control program.
• Assisting internal clients in implementing and deploying an operational risk strategy, including services such as: operational risk governance/framework development, risk and control self-assessments, key risk indicators.
• Conduct risk based assessments on ITS (Software Development, Production Support, Database Admin, System Admin, Information Security Admin, Testing, QA) processes in order to better determine areas of focus for internal controls.
• Evaluating the design effectiveness of internal control processes for ITS processes.
• Assist in creating governance standards and necessary tools required to support requirements.
• Developing, implementing and monitoring compliance.
• Support day to day management of relationships and communications with business partners at various levels of the organization, as well as other internal and external resources.
• Travel to company locations in India for achieving above stated objectives.
• To work in a Six Sigma controlled and process oriented environment
Promoted as part of Step-up Role from Assistant Manager - IT Security (technical) to Assistant Manager Operation - IT Security owing to excellent procedural knowledge and experience in handling various difficult issues and people.
• Managing 10 Assistant Managers - IT Security (Technical) who report to me as Directs, and functionally another 4 for day-to-day process-related tasks and issues.
• Handling additional responsibility of Lead Business Information Risk Officer (BIRO).
• Prepared Action Plan and coached analysts effectively.
• Contributed to Quality initiatives and ensured team performance is in sync with process goals.
• Performed random audits of team Internet and email usage on a regular basis.
• Performed AM Stack Ranking and monthly Reviews.
• Facilitated new tasks migration for all the process reporting under me.
• Proactively contributed to process documentation, transition, training and implementation for new task migration.
• Ensured effective cross training of staff by designing training plans and implementation.
• Ensured sharing of best practices is done on a regular basis by conducting a tech forum every Friday and motivating all staff to participate and share information.
• Ensured all monthly metrics for the process are delivered on time by delegating tasks and checking for accuracy and completeness within deadlines.
• Recent Audit and Compliance review done for the process resulted in satisfactory ratings.
• Developed and maintained good rapport with Directs, peer group, management and business partners.
EC Council Certified Security Analyst
Certified Information Systems Security Professional