IT Auditor  

Job Summary:

The IT Auditor plays a crucial role in evaluating computer information systems, conducting risk assessments, and performing internal control and audit reviews. He/She ensure compliance with application and infrastructure security standards, identify weaknesses, and develop strategies to prevent security breaches. The IT Auditor also assesses financial, operational, compliance, and reputational risks, and provides recommendations to enhance governance, risk management, compliance, and internal control activities within the organization.

Essential duties and responsibilities

• Collaborate with the Head of Department to plan and scope annual and ad hoc information security audits.
• Develop and maintain Internal Audit Procedures to ensure best practices are followed and specific areas of risk are addressed.
• Prepare detailed audit planning memoranda, programs, and procedures for each audit assignment, covering various areas such as network reviews, application systems review, database reviews, security reviews, and more.
• Execute audit assignments, document well-referenced working papers and evidence, and ensure confidentiality, integrity, and availability of data and business applications.
• Prepare comprehensive audit reports, including findings from pre- and post-implementation reviews, general and application controls audits, IT security evaluations, compliance testing, and IT management policy reviews.
• Prepare audit finding memoranda and working papers, ensuring adequate documentation to support completed audits and conclusions.
• Present written and oral reports and technical information in a concise and accurate manner to management.
• Recommend revisions or additions to policies and procedures to improve governance systems, risk management, compliance, and internal control environment.
• Maintain a comprehensive system for recording audit plans, work papers, findings, reports, and follow-up audits. Monitor the implementation of audit recommendations and follow up on findings.
• Address control issues on new business processes, policies, and procedures, and provide consultative services to management as requested.
• Conduct investigative audits when necessary to evaluate instances of fraud, dishonesty, or gross negligence violating the company's code of conduct.
• Perform information control reviews covering system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, business continuity planning, and system maintenance.
• Provide suggestions and guidance on leading practices in IT risk management, focusing on application and information security, network, data privacy, and DR/BCP.
• Offer guidance to Business and IT management on IT risk management matters, especially related to application and infrastructure security.
• Participate in the change management process, providing recommendations and guidance on security and control risks.
• Review and assess internal control procedures and security for systems under development or enhancements.
• Assist and train other audit staff in the use of computerized audit techniques and methods for analyzing computerized information systems.
• Stay updated on developments related to IT sector's laws, regulations, best practices, tools, techniques, and audit standards through continuous professional development.
• Conduct operational, compliance, financial, and investigative audits as assigned.
• Perform other related duties as assigned.

• Bachelor's degree in relevant field (e.g., Information Technology, Computer Science, Finance, Accounting).
• Training in internal audit processes and relevant frameworks (ISO 27001, PCI-DSS, etc.).
• Minimum of 2 years of auditing experience in Information Technologies/Information Systems.
• Familiarity with multiple technology domains and information security standards.
• Strong communication skills and ability to collaborate effectively.
• Attention to detail, analytical mindset, and problem-solving skills.
• Leadership abilities and a proactive, results-driven orientation.
• Relevant certifications (CISA, CIA, CPA, CISM) and advanced degrees are desirable but not required.