Audit Head – Group IT, CISO, BCM and Risk Management
To support Group Audit in providing assurance to Senior Management and the Audit Committee on the adequacy and effectiveness of internal controls primarily related to all aspects of Information Technology, Information & Cyber Security, Business Continuity Management, Digital, Operational and IT Risk Management. It includes:
- Delivery of audit assignments in line with the annual plan and scope
- Providing ongoing business monitoring, risk assessment and input to the annual audit plan
- Managing relationships within the organization or external parties
- Adhering to and contributing to the maintenance of Audit methodology, practices and supporting tools
Principal Responsibilities, Accountabilities and Deliverables of Role:
Know your business
- Monitor business activity to identify any changes in risk profiles or deterioration in the control environment, and update the audit risk assessment and plans to align with emerging risks/control issues – this can be achieved through activities such as regular meetings with local heads of functions / departments;
- Keep abreast of new laws, regulations, rules, Group and local policies, products, technologies and projects and consider implications.
Maintain the Audit Universe
- Assist the Audit Head in maintaining a structured inventory of auditable entities representing the total population of Units, functions, departments, branches and representative offices.
Develop the Annual Audit Plan
- Contribute to the development of the Annual Audit Plan based on risk assessment taking into account business monitoring activities and specific requests from Management.
Deliver the Annual Audit Plan
- Perform audit assignments in line with the approved Annual Audit Plan, on time and within budget.
Adhere to audit standards and requirements
- Adhere to Group Audit and international standards and requirements related to the IIA code of ethics, principles, staffing, methodology and the quality of work papers, deliverables and reporting.
Manage relationship with key stakeholders
- Maintain an appropriate, pro-active, constructive and balanced relationship with Management; supporting Group Audit in the fulfillment of obligations and responsibilities in respect of governance, risk management and internal controls.
Maintain the local Corrective Action Tracking process
- Support Group Audit with pro-active and effective tracking / monitoring of progress achieved with the implementation of agreed corrective action plans related to audit reports published.
Manage self-career development
- Pursue continuous development of knowledge, skills, experience and professional certifications to support Internal Audit responsibilities. Seek coaching and mentoring with more experienced colleagues whenever required for career development and achieving greater responsibilities in future.
Job Context (Circumstances & environment surrounding the job):
Group Audit (GA) consists of a Bahrain-based team plus local Internal Audit teams based in overseas units of ABC. GA is responsible for providing independent assurance on the adequacy and effectiveness of ABC’s internal controls to the Executive Management and the Board of ABC (via the Audit Committee). This is achieved by completing Audit assignments according to a risk-based Annual Audit Plan. The results of the Audit assignments are included within published Audit Reports which contain audit issues requiring management to undertake corrective actions to address any control weaknesses identified. Issues are also presented to the Audit Committee of the Board of ABC on a quarterly basis.
Given the nature of GA’s role within the business, the job holder is expected to uphold the highest standards of integrity and confidentiality at all times. The volume, importance and confidentiality of the material with which the job holder will deal will require a strong sense of discretion and the ability to organize and present material in a structured way.
Group Audit staff liaise with individuals at all levels within the organization, including Executive Management and Board members. The job holder will be required to conduct all interactions with courtesy, respect and professionalism.
- Strong knowledge of processes and controls related to the technical aspects of Operational Resilience (i.e. Information Technology, Information & Cyber Security, IT Disaster Recovery Management, 3rd party management and IT & Cyber Risk Management);
- Exposure to one or more of the following IT processes: application development and support, change and release management, incident and problem management and logical access management;
- Knowledge, from hands-on experience or from auditing, of controls associated with one or more of the following on-premises/cloud technology platforms: databases (Oracle, SQL Server), operating systems (Windows, Unix, Linux), virtualization, networking and telecommunications;
- Exposure to IT & Cyber Security controls for end-user, data, application, network and perimeter
- Good understanding of financial services and electronic payment services
- Familiarity with mobile banking applications, digital banking, cloud computing, APIs, Fintech, agile project methodologies among others;
- Knowledge of COBIT, ISO 27000 series, NIST and other industry standard frameworks
- Knowledge of regulatory requirements related to Technology, Cyber Security, Data Protection, Cloud Computing and Business Continuity;
- Fluent in English (a second language, French or Arabic, is desirable)
Education / Qualification
- University degree, preferably in Information Technology, Computer Science or related subjects. Postgraduate qualification preferred;
- Relevant professional certifications such as CISA or CISSP are desirable.
- Preferably 5+ years of professional experience, with a minimum of 3 years in the IT audit / assurance field within financial services;
- Exposure to Digital Transformation and/or Innovation projects;
- Proven experience in the identification and assessment of risks and controls related to IT, Information & Cyber Security and Digital initiatives;
- Experience in performing technical audits and business-integrated audits;
- Familiarity with agile methodologies;
- Familiarity with and exposure to different audit methodologies and with workflow-based audit software e.g. SAI Global-BWise, Teammate, etc.
- Excellent organizational skills and ability to work proactively with minimum supervision
- Excellent attention to detail and analytical skills
- Strong judgment and decision-making skills
- Ability to influence change and instigate process improvement
- Ability to manage conflict and work under pressure
- Strong time management and results orientation
- Strong interpersonal skills to ensure effective interactions with all levels in the business
- Ability to speak confidently to senior stakeholders
- Ability to articulate technical audit issues in writing, using business language
- Flexible and positive approach to work, ‘can do’ attitude