Job summary:
The Internal Audit Manager is responsible for providing independent and objective assurance and advisory services designed to add value and improve the organization’s operations. The role supports the Board and senior management by evaluating and improving the effectiveness of governance, risk management, internal controls, regulatory compliance, and technology controls within a fintech operating environment, in line with Central Bank of Oman (CBO) requirements and international internal audit standards.
Responsibilities:
1. Internal Audit Planning & Risk Assessment
- Develop, maintain, and update a comprehensive audit universe covering financial, operational, regulatory, compliance, IT, cybersecurity, and strategic risks.
- Conduct enterprise-wide risk assessments at least annually, considering fintech-specific risks such as digital fraud, system outages, cyber threats, outsourcing, data privacy, and regulatory change.
- Prepare a risk-based annual internal audit plan, ensuring alignment with business objectives, risk appetite, and regulatory expectations.
- Present the audit plan to senior management and the Audit Committee for review and approval, and revise it as needed in response to emerging risks.
2. Execution of Internal Audit Assignments
- Plan and execute internal audit engagements in accordance with Institute of Internal Auditors (IIA) Standards and approved audit methodologies.
- Define audit objectives, scope, timelines, and audit programs for each engagement.
- Perform audit fieldwork including walkthroughs, control testing, sampling, data analysis, and substantive procedures.
- Assess the design and operating effectiveness of internal controls and identify control gaps, inefficiencies, and weaknesses.
- Identify potential fraud risks and assess fraud prevention and detection mechanisms.
3. Financial & Operational Audits
- Review controls over financial reporting, transaction processing, reconciliations, settlements, fee calculations, and revenue recognition.
- Assess adequacy of segregation of duties, authorization controls, and delegated authority limits.
- Evaluate operational processes related to payments, digital wallets, merchant onboarding, settlements, refunds, chargebacks, and dispute resolution.
- Verify safeguarding of customer funds, trust or escrow arrangements, and liquidity management controls.
4. Regulatory & Compliance Audits
- Assess compliance with Central Bank of Oman (CBO) laws, regulations, circulars, licensing conditions, and supervisory expectations applicable to fintech and payment service providers.
- Review the effectiveness of AML/CFT controls, including:
  - Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
  - Transaction monitoring systems
  - Suspicious Transaction Reporting (STR)
  - Sanctions and watchlist screening
- Evaluate compliance with consumer protection, data privacy, and record retention requirements.
- Monitor remediation of regulatory findings and report status to senior management and the Audit Committee.
5. IT, Cybersecurity & Technology Audits
- Conduct audits of IT General Controls (ITGC) including access management, change management, system security, and incident management.
- Review cybersecurity controls, vulnerability assessments, penetration testing results, and incident response procedures.
- Assess governance and controls over fintech platforms, APIs, cloud infrastructure, and system integrations.
- Review business continuity plans (BCP), disaster recovery (DR) arrangements, and system resilience testing.
6. Third-Party & Outsourcing Oversight
- Evaluate governance, risk management, and controls over outsourced activities, vendors, and technology partners.
- Review vendor due diligence, contracts, service level agreements (SLAs), data protection clauses, and exit strategies.
- Assess compliance with CBO outsourcing and third-party risk management guidelines.
- Monitor ongoing performance and risk exposure of critical service providers.
7. Audit Reporting & Communication
- Prepare clear, accurate, and timely internal audit reports detailing findings, root causes, risk ratings, and practical recommendations.
- Discuss audit results with management and agree on corrective action plans and implementation timelines.
- Present audit reports, key risk themes, and issue status updates to the Audit Committee and senior management.
- Maintain proper audit documentation and working papers in line with professional standards.
8. Follow-up & Issue Management
- Track management action plans and verify timely implementation of agreed audit recommendations.
- Conduct follow-up reviews to validate closure of audit findings.
- Escalate overdue, high-risk, or unresolved issues to senior management and the Audit Committee.
- Maintain an audit issue tracking system and report trends and recurring issues.
9. Advisory & Continuous Improvement
- Provide independent advisory support on new product launches, system implementations, process changes, and strategic initiatives, while maintaining objectivity.
- Review and recommend improvements to internal policies, procedures, and governance frameworks.
- Promote continuous improvement in internal controls, operational efficiency, and risk management practices.
- Leverage data analytics and audit automation tools to enhance audit coverage and effectiveness.
10. Governance, Ethics & Professional Standards
- Promote a strong culture of compliance, ethics, and risk awareness across the organization.
- Ensure adherence to the company’s Code of Conduct and internal policies.
- Maintain independence and objectivity of the internal audit function.
- Stay updated on regulatory developments, fintech risks, and professional auditing standards through continuous professional development.
Experience/Skills:
- Minimum 6–10 years of experience in internal audit, risk management, or compliance within fintech, banking, payments, or financial services.
- Strong working knowledge of CBO regulations, AML/CFT frameworks, and fintech regulatory requirements.
- Experience in IT audits, digital platforms, and technology-driven environments is highly desirable.
Skills & Competencies
- Strong analytical and problem-solving skills
- Excellent report writing and presentation abilities
- High level of integrity, independence, and professional judgment
- Strong understanding of fintech business models and emerging risks
- Effective communication with senior management and Board-level stakeholders
Preferred Qualifications:
Education
- Bachelor’s degree in Accounting, Finance, Business Administration, Information Systems, or a related discipline.
Professional Certifications (Preferred)
- CIA, ACCA, CPA, CISA, or equivalent professional qualification.
- Posted: Jan 30, 2026
- Type: Full-time
- Level: Mid-Senior
- Location: Muscat
- Company: Thawani Pay