Auditor (IT Audit)

An IT auditor is responsible to assess and provide an independent view to internal controls and risks of a company’s technology infrastructure and processes. This role includes identifying the weaknesses in computer systems and networks and creating an action plan to prevent to help mitigate and repot such identified risks. An IT auditor can also be involved in the planning and execution of internal audit procedures and the creation of internal audit reports. An auditor must work within a team to assess the information technology infrastructure and processes and do the following:

• Participating in maintaining "Information Technology and Cyber Security" Universe to preform annual risk assessment and prepare IT Audit strategic and annual plan.
• Conduct efficient and effective reviews based on the approved charters and procedures to provide assurance to top management and the board
• Examining and testing internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk and recommend remediation strategies.
• Conduct Cyber Security assessment and testing by evaluating security controls and management processes effectiveness and IT Infrastructure exposure to risks, vulnerabilities, and threats
• Review the bank processes and infrastructure to assess their resilience to incidents and disasters.
• Identify risks, incompliance, or control gaps by:
• Reviewing, evaluating and testing Applications security and controls for the bank and its subsidiary to provide assurance to top management and the board.
• Reviewing, evaluating and testing IT controls along with IT processes, operations activities, and documentation in the Information Technology Production, Development and Governance and Project Management Units
• Reviewing, evaluating, and testing IT infrastructure (OS, Databases, Security Controls, tools, Storage, Backup) and network design, configuration, Implementation, and/or operation.
• Provide recommendations and guidance on mitigating identified Risks and controls design/implementation observations
• Reviewing the adherence to the regulatory requirements related to IT/Cyber Security and Business continuity such as SARIE requirements, SAMA Cyber Security Framework, etc
• Communicate complex technical issues in simplified terms to the relevant stakeholders.
• Follow-up and evaluate implementation of raised issues on identified risks either internally or externally.
• Conduct investigations and provide independent audit view on cases required by management or SAMA.

• Bachelor Degree in Information Technology, Cyber Security, computer engineering or related field
• 1 – 3 years of experience in related roles such as System Admin, Network Engineer, Security Engineer, Programmer, Risk Specialist.
• Managing systems and conducting and implementation of hardening standards.
• Experience and knowledge with major IT Vendors such as: Microsoft, Cisco, Dell EMC, Micro Focus, PaloAlto Networks, Oracle, F5, Fortinet, Nessus and IBM.
• Writing and following Policies and procedure.
• Developing IT work program and conducting
• Certification or Training for related certifications such as: ITIL, Security+, CISA, COBIT, CISM, CCNA, MCSE, CISSP and PMP
• Analytical skills
• Good Report Writing.
• Ability of transferring complex technical issues to simple terms and business related.
• Problem solving skills.
• Negotiation and Communication Skills.
• Knowledge about common security and hardening standards such as SAMA Cyber Security Framework, NIST, ISO 27001, CIS, STIGview.
• Up-to-date with new security and attack concepts such as: SOC, Threat Man agent and Hunting, Penetration testing.

computer science or any related field