Senior Manager IT Audit

SUMMARY OF ROLE

The IT Audit Senior Manager is responsible for leading and executing IT audits across the bank, ensuring compliance with regulatory requirements, identifying risks, and enhancing IT controls. The role involves assessing IT governance, cybersecurity, data security, IT operations, digital banking platforms, and emerging technologies to safeguard the bank’s information assets.

KEY RESPONSIBILITIES:

IT Audit Planning & Execution:

Formulate a risk-based Annual IT Audit Plan in consultation with the Deputy Head and Head of Audit.

Implement the Annual IT Audit Plan, including special tasks as directed and in accordance with the Audit Manual.

Conduct independent assessments of IT systems, applications, databases, networks, and digital banking platforms.

Evaluate IT general controls (ITGC), application controls, and cybersecurity measures.

Assess IT disaster recovery, business continuity planning (BCP), and incident response frameworks.

Perform IT governance reviews to ensure compliance with regulatory requirements (e.g., Central Bank regulations, NIST, ISO 27001, COBIT).

Review IT risk management processes, including third-party/vendor risk assessments

Audit Project Management & Reporting:

Manage each audit project within pre-determined time budgets and deadlines.

Maintain high-quality working papers to support audit findings and conclusions.

Draft factual reports that describe weaknesses identified during audits, indicate their significance, and make constructive recommendations for remediation.

Finalize reports based on exit meetings with auditee management.

Assist the Deputy Head and Head of Audit in making constructive contributions to the preparation of the annual audit plan.

Cybersecurity & Digital Banking Audits:

Assess cybersecurity frameworks, penetration testing results, and security incident management.

Conduct audits of digital banking platforms, mobile applications, internet banking, and payment systems.

Ensure secure implementation of cloud computing, artificial intelligence (AI), blockchain, and other emerging technologies.

Risk Management, Compliance & IT Regulations:

Identify and evaluate IT risks, recommending mitigation strategies.

Ensure compliance with local and international IT audit standards and best practices.

Provide recommendations to strengthen internal controls and improve IT security.

Maintain up-to-date knowledge of global and Omani regulations applicable to the bank’s IT operations.

Monitor follow-up actions on audit findings and ensure timely resolution

Supporting Business & Operational Audits:

Assist co-auditors in business and operational audits to ensure proper IT-related risk assessments.

Provide IT audit expertise during audits of non-IT functions that involve technology risks.

Data Analytics & Continuous Monitoring:

Assist in extracting key requirements from CAAT tools such as ACL (Audit Command Language) and Business Objects (BO).

Leverage data analytics to enhance audit procedures and improve risk assessment processes.

IT Governance, Information Security & Bank Policies:

Assess data governance, privacy controls, and data protection measures.

Evaluate controls related to data integrity, confidentiality, and access management.

Review IT policies, procedures, and security frameworks to enhance compliance.

Ensure compliance with the bank’s policies, including HR, information security, and other relevant policies

Stakeholder Engagement & Advisory Role:

Prepare detailed audit reports with observations, risks, and recommendations.

Present findings to senior management, the audit committee, and external regulators as needed.

Collaborate with IT, risk, compliance, and business teams to enhance IT control frameworks.

Provide advisory services on IT risks and emerging threats

Process Innovation, Automation & Digitalization:

Drive continuous process improvement through innovative, automated, and digital solutions once required

Business Control & Governance

Ensure adherence to the bank's policies, regulatory requirements, and industry standards in all operational activities.

EDUCATION & EXPERIENCE REQUIREMENT

• Bachelor’s degree in Computer Science, Information Systems, Mathematics/ Statistics or relevant field.
• Required to have one or more of the following certifications: CISA, ITIL,CISM, CISSP
• More than 15 years (preferably in Banking sectors) of IT audit experience in GCC, (including) preferably few years of international experience.