IT Audit Senior Manager

Tawteen

1. IT Audit Planning & Execution:

Formulate a risk-based Annual IT Audit Plan in consultation with the Deputy Head and Head of Audit.

Implement the Annual IT Audit Plan, including special tasks as directed and in accordance with the Audit Manual.

Conduct independent assessments of IT systems, applications, databases, networks, and digital banking platforms.

Evaluate IT general controls (ITGC), application controls, and cybersecurity measures.

Assess IT disaster recovery, business continuity planning (BCP), and incident response frameworks.

Perform IT governance reviews to ensure compliance with regulatory requirements (e.g., Central Bank regulations, NIST, ISO 27001, COBIT).

Review IT risk management processes, including third-party/vendor risk assessments

2. Audit Project Management & Reporting:

Manage each audit project within pre-determined time budgets and deadlines.

Maintain high-quality working papers to support audit findings and conclusions.

Draft factual reports that describe weaknesses identified during audits, indicate their significance, and make constructive recommendations for remediation.

Finalize reports based on exit meetings with auditee management.

Assist the Deputy Head and Head of Audit in making constructive contributions to the preparation of the annual audit plan.

3. Cybersecurity & Digital Banking Audits:

Assess cybersecurity frameworks, penetration testing results, and security incident management.

Conduct audits of digital banking platforms, mobile applications, internet banking, and payment systems.

Ensure secure implementation of cloud computing, artificial intelligence (AI), blockchain, and other emerging technologies.

4. Risk Management, Compliance & IT Regulations:

Identify and evaluate IT risks, recommending mitigation strategies.

Ensure compliance with local and international IT audit standards and best practices.

Provide recommendations to strengthen internal controls and improve IT security.

Maintain up-to-date knowledge of global and Omani regulations applicable to the bank s IT operations.

Monitor follow-up actions on audit findings and ensure timely resolution

5. Supporting Business & Operational Audits:

Assist co-auditors in business and operational audits to ensure proper IT-related risk assessments.

Provide IT audit expertise during audits of non-IT functions that involve technology risks.

6. Data Analytics & Continuous Monitoring:

Assist in extracting key requirements from CAAT tools such as ACL (Audit Command Language) and Business Objects (BO).

Leverage data analytics to enhance audit procedures and improve risk assessment processes.

7. IT Governance, Information Security & Bank Policies:

Assess data governance, privacy controls, and data protection measures.

Evaluate controls related to data integrity, confidentiality, and access management.

Review IT policies, procedures, and security frameworks to enhance compliance.

Ensure compliance with the bank s policies, including HR, information security, and other relevant policies

8. Stakeholder Engagement & Advisory Role:

Prepare detailed audit reports with observations, risks, and recommendations.

Present findings to senior management, the audit committee, and external regulators as needed.

Collaborate with IT, risk, compliance, and business teams to enhance IT control frameworks.

Provide advisory services on IT risks and emerging threats