IT Internal Auditor
On-site Baghdad, Baghdad Governorate, Iraq IT Full time
Description
The role of IT Internal Auditors to assess and evaluate an organization's information technology systems, processes, and controls. The IT Internal Auditors ensure that IT assets are safeguarded, data integrity is maintained, and IT systems operate effectively and efficiently. The IT Internal Auditors identify risks related to IT and cybersecurity, assess the adequacy of controls to mitigate these risks, and make recommendations for improvement. They also ensure compliance with laws, regulations, and industry standards related to IT. Their work helps organizations enhance the security, reliability, and performance of their IT systems and infrastructure
Main Responsibilities and Duties
1. Conduct risk assessments and identify potential IT risks within the organization's systems and processes
2. Evaluate the adequacy and effectiveness of internal controls related to IT systems, including security, access controls, change management, and data integrity.
3. Perform IT audits to assess compliance with industry standards, regulatory requirements, and company policies.
4. Review and analyze IT policies, procedures, and documentation to ensure they are up to date and align with best practices.
5. Identify weaknesses or gaps in IT controls and provide recommendations for improvement.
6. Collaborate with IT and business stakeholders to develop remediation plans and track progress on identified issues.
7. Stay updated on emerging trends and developments in IT auditing, cybersecurity, and regulatory requirements to ensure the company's IT environment remains compliant and secure.
8. Perform data analysis and utilize data analytics tools to identify patterns, anomalies, or trends that may indicate potential risks or control deficiencies.
9. Prepare clear, concise, and comprehensive audit reports summarizing findings, recommendations, and action plans.
10. Present audit findings to management and provide guidance on implementing recommended improvements.
11. Assist in the development and maintenance of the annual IT audit plan.
12. Participate in special projects or initiatives as assigned by management.
13. Collaborate with external auditors to provide necessary information and support for external audits related to IT controls and processes (including regulatory audits).
14. Monitor and assess the effectiveness of remediation actions taken to address identified IT control deficiencies.
15. Provide training and guidance to IT and business stakeholders on IT controls, compliance requirements, and best practices.
Requirements
1. Bachelor's degree in information technology, computer science, or a related field.
2. Professional certifications desirable such as Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or ISO 27001 Lead Auditor are preferred.
3. Proven experience 5 Years experience in IT auditing, preferably within the financial services or e-payment industry.
4. Strong knowledge of IT governance frameworks, such as COBIT or ITIL.
5. Familiarity with industry regulations and standards, such as PCI DSS, ISO 27001.
6. Familiarity with the regulatory requirements and instructions (mainly CBI regulations).
7. Experience with conducting vendor/third-party IT audits to assess the security and compliance of external outsourcing parties.
8. Knowledge of emerging technologies and their impact on IT risks, such as cloud computing, artificial intelligence, and blockchain.
9. Proficiency in performing risk assessments, developing audit plans, and executing audit procedures.
10. Solid understanding of IT systems, including networks, databases, operating systems, and application controls.
11. Experience with data analytics and proficiency in using data analysis tools.
12. Excellent analytical and problem-solving skills, with the ability to think critically and identify control weaknesses or process improvements.
13. Strong written and verbal communication skills, including the ability to present complex technical concepts to non-technical stakeholders
