Senior Auditor – IT & Cyber Security

JOB PURPOSE

The Senior IT Auditor plays a key role in evaluating and strengthening the organization’s IT and cybersecurity control environment. Reporting to the Manager of IT & Cybersecurity Audit, the position is responsible for planning and executing IT audit engagements, identifying and assessing technology-related risks, and providing actionable recommendations to enhance governance, security, and operational resilience. The role requires close collaboration with IT, cybersecurity, and business stakeholders across OIA and its subsidiaries to support strategic objectives and ensure the protection of critical information assets.

ROLES AND RESPONSIBILITIES

• participate in the development of the annual IT audit plan, including risk assessment and scoping of audit engagements.

• Plan and execute IT and cybersecurity audits covering infrastructure, applications, cloud environments, network security, and governance processes.

• Develop and document detailed audit programs, testing procedures, and control evaluation steps.

• Perform follow-up reviews to ensure that agreed-upon corrective actions are properly implemented.

• Identify key technology, cybersecurity, and operational risks across critical systems and business processes.

• Evaluate IT governance, security, and operational practices against regulatory requirements, internal policies, and international standards such as ISO/IEC 27001, NIST Cybersecurity Framework, and COBIT.

• Prepare clear, concise, and well-structured audit reports highlighting key findings, root causes, and actionable recommendations.

• Communicate audit results and control gaps effectively to IT and business management.

• Assist the Manager of IT & Cybersecurity Audit in preparing executive presentations and summaries for top management and the Audit Committee.

• Work closely with IT, cybersecurity, and business teams to understand processes, controls, and technology landscape.

• Act as a trusted advisor by providing insights on control enhancements, risk mitigation, and process improvements.

• Support special reviews, investigations, or advisory engagements as required.

• Stay current with emerging technologies, evolving cyber threats, and regulatory developments.

• Contribute to the enhancement of internal IT audit methodology and tools such as (internal audit system – TeamMate).

• Mentor and provide guidance to junior IT auditors to strengthen team capability.

• Support OIA initiatives related to digital transformation, cybersecurity maturity, and business continuity.

Education & Professional Certifications

• Bachelor’s degree in Information Technology, Computer Science, Information Systems, Cybersecurity, or a related field.

• Relevant professional certifications are highly desirable, such as:

• ISACA – Certified Information Systems Auditor (CISA)

• ISC – Certified Information Systems Security Professional (CISSP) or equivalent.

• Additional certifications in cloud security, IT risk management, or cybersecurity frameworks are a plus.

Professional Experience

• Minimum of 8–10 years of experience in IT audit, information security, risk management, or related fields.

• Experience working with or auditing critical systems in financial and investment is an advantage.