Specialist - IT Internal Audit

Job Purpose:

Execute IT audit and advice services, encompassing auditing, risk assurance, and consultancy, focusing on revenue and cost process reviews, resources utilization, usage of automated applications and technology, and contractual arrangements to support Dubai Health in achieving its objectives by enhancing the effectiveness and efficiency of operations, risk management, and governance.

Roles & Responsibilities:

1. Assist Head of Section in audit delivery, risk identification, and process assessment for the assigned Dubai Health business portfolio.
2. Conduct assurance and advisory assignments at Dubai Health and provide risk-related inputs for the department’s assurance planning process.
3. Collaborate with the Head of Section Internal Audit to outline assurance and advisory assignments and develop work programs to assess IT risks and controls across various environments, including servers, networks, databases, business applications, cybersecurity, IT processes, and projects.
4. Determine the best audit approach, techniques, and procedures required to complete the audit program.
5. Collect, validate, analyze data, and perform tests assess the effectiveness of the control environment while identifying opportunities for business improvement in the following areas, including but not limited to: IT infrastructure, architecture, application systems, IT projects, information/cybersecurity (e.g., network, operating system, cloud, database, security incident response); disaster contingency planning and IT processes.
6. Assist in development and implementation of quality control measures to ensure the accuracy of data and deliverables, in line with internal audit, organizational standards, policies, and regulatory requirements (such as GDPR, PCI-DSS).
7. Discuss assurance and advisory outcomes with the appropriate level of management within the business.
8. Collaborate with business and IT stakeholders to agree on practical and implementable actions to address identified risks.
9. Draft the assurance and advisory report, follow up on responses, and ensure that appropriate actions are taken to implement agreed-upon actions.
10. Document working papers in support of assurance and advisory outcomes in accordance with ISACA and the Internal Audit department standards.
11. Work with the Head of Section of Internal Audit to perform risk assessments and periodic monitoring of the IT risk profile of Dubai Health’s business units.
12. Follow up on agreed-upon actions with management to assess satisfactory completion and update the action tracker in a timely manner.
13. Proactively share knowledge and provide support to the Internal Audit team on industry practices, risk identification techniques, and data analytics.

Qualification Requirements:

Degree: Computer science, Information Systems, Data Science, Accounting, or a related field.

Certification: Certified Internal Auditor (CIA) or CISA.

Advanced degree or relevant certifications: CISM, CISSP, CFE, and Data Analytics.

Years of Experience:

5 + years in Auditing/risk management or equivalent exposure in jobs involving review of IT systems, processes, systems and procedures, cyber security, analysis of management information, etc.

Knowledge and Skills Required:

• Ability to evaluate business processes, identify control gaps, and conduct system-based audits and functional reviews.
• Ability to multitask and handle diverse projects concurrently, independently.
• Commitment to continuous improvement, innovation, and adding value to audit and organizational operations.
• Effective communicator and collaborator across cross-functional teams and internal stakeholders.
• Good critical-thinking skills to gather all of the available data and make informed decisions
• Knowledge and experience in Information Technology Audit, Cybersecurity, Data Analytics (e.g., Tableau, Power BI, MicroStrategy, etc.), and data mining techniques (SQL, Informatica Power Centre).
• Strong project management capabilities, delivering multiple audit assignments within time and resource constraints.
• Working knowledge of business systems, applications, and components (e.g., ERP, firewalls, servers, etc.).