Company : Ooredoo
Job Description :
VAC2993 - Senior Specialist IT Audit
Field: Audit
Contract Type: Full Time - Permanent
Location: Qatar - Doha
Closing date: 31-Jan-2015
ROLE & CONTEXT:
Purpose
Lead and carry out complex IT internal audit assignments, investigations, forensics, and advisory activities, ensuring the work is carried out with professional care and in accordance with the appropriate standards. These activities involve leading or conducting projects in internal audit, compliance audit, investigations and advisory work in the IT domain. In addition, the role provides significant input to the preparation of the annual internal Audit Plan and contributes significantly to follow-up audits with management.
Context
Ooredoo owns and operates various telecom infrastructures. This role carries out and/or supervises IT audit across the entire organisation to ensure efficiency and effectiveness in the use of such infrastructures, to safeguard Ooredoo's interest, and to ensure compliance with laws, regulations and recognized technical/IT standards.
ROLE ACCOUNTABILITIES:
Overview
A. Audit
Identify and evaluate Ooredoo’s audit risk areas relating to Information Technology through a risk-based audit methodology and provide significant input to the development of a risk-based annual IT internal audit plan;
Gather the management requirements for the audit plan through the different meetings with the management, consultation with Regulatory and Compliance requirements, and external audit;
Perform IT audits and review the work performed to ensure the adequacy of audit scope, the adequacy of testing performed, and the accuracy of conclusions reached;
Plan the resources and requirements for the different audit assignments and special assignments;
Monitor the progress of audit assignments and escalate any show stoppers to the Assistant Director IT & Technical Audit for intervention;
Ensure that audit procedures are strictly adhered to, including identifying and defining issues, developing criteria, reviewing and analysing evidence, and documenting technical processes and procedures;
Prepare/develop the audit programs with appropriate testing mechanisms, execute the audit program, recognize control weaknesses, assess the materiality of these weaknesses, and relate them back to the scope and objectives of the audit;
Conduct or lead interviews, review of documents, development and administration of audit surveys, composing summary memos, and preparation of working papers;
Perform or oversee the work of the audit staff in identification, development, and documentation of audit issues and recommendations for improvement;
Communicate the results, findings and recommendations of audit projects via written reports and face-to-face presentations on a timely basis to the management, GCAE, and if necessary to the Board of Directors as instructed by the GCAE;
Follow up the implementation of audit recommendations in a timely manner;
Interact with staff, section heads, department directors and managers and when necessary with executive management in order to obtain and/or communicate relevant information to achieve the objective/s of the IT audit;
Maintain all organisational and professional ethical standards and ensure internal audit activities are carried out in compliance with International Standards for the Professional Practice of Internal Auditing (Standards), IIA Code of Ethics and ISACA (Information Systems Audit and Control Association) Information System standards and guidelines;
Plan and execute audits of IT platforms (e.g. Windows, UNIX, MPLS networks), evaluate IT internal controls and work collaboratively with management to identify actions needed;
Conduct data extraction, analysis, and IT security reviews;
Act as liaison with IT business partners to ensure full understanding of data flow, data integrity and system security;
Assess information technology control elements to mitigate IT risks regarding the confidentiality, integrity, and availability of business information in compliance with security best practices (such as ISO 27000);
Work independently under general direction with extensive latitude for initiative and independent judgment;
Administer and support the Audit Management Software to facilitate Internal Audit Activities;
Support the Assistant Director IT & Technical Audit in coordinating with the external auditors and facilitate their fieldwork in the Company.
B. Consulting
Lead consulting engagements related to information and network security, IS governance, business continuity and disaster recovery based on best practices of each area (ISO 27000, ISO 20000, ITIL and COBIT framework) if asked to do so by superiors;
Communicate the results of consulting projects via written reports and oral presentations on a timely basis to the management, GCAE, and if necessary to the Board of Directors as instructed by the GCAE;
Review technology-related policies and procedures and any IT operations of the Company for submission to the GCAE before being raised for Chief Executive Officer and Board of Directors approval;
Provide consulting services to the organization’s management and staff pertaining to information security policies and procedures based on best practices such as ISO 20000.
C. Special Assignments and Fraud Investigations
Conduct or lead the Internal Audit team in performing any fraud investigations or any special audit assignments relating to IT areas;
Communicate the results, findings and recommendations of special assignments/investigations via written reports and oral presentations on a timely basis to the management, GCAE, and if necessary to the Board of Directors as instructed by the GCAE.
D. Development & Improvement Program
Develop and maintain productive team-oriented management and staff relationships through individual contacts and group meetings;
Pursue professional development opportunities, including external and internal training and professional association memberships, and share information gained with co-workers;
Proactively take responsibility for self-improvement by staying well-informed of developments, knowledge and innovations in the relevant field of expertise.
E. Other
Represent internal audit at Ooredoo project team meetings, management meetings, and meetings with external organisations.
Other duties as directed by the Assistant Director IT & Technical Audit or GCAE.
Customers
Different Company divisions and departments.
Business orientation
Evaluate the company’s information technology processes and identify potential problem areas where related controls need further testing.
Assist in the review of the Company’s technical standards and related policies and procedures.
Planning & Organising
Carry out risk analysis and assist in the preparation of the annual audit plan or program covering the IT aspects of operation.
Problem Solving
Perform sufficient tests, including data analysis, to provide reasonable assurance that internal controls over the design, installation, operation and maintenance of Ooredoo’s information system infrastructure and related projects exist and are adequate.
Identify and evaluate possible solutions to identified control issues, recommend them and obtain management agreement or actions on such recommendations.
Communicating, negotiating & influencing
Prepare audit reports covering the weaknesses noted in the systems of internal controls, non-compliance with procedures/instructions and recommendations for improvements.
Discuss audit issues with concerned managers and obtain comments for reported points.
KEY RELATIONSHIPS & DECISION MAKING:
Reports to
Assistant Director IT & Technical Audit
Team working, coaching, guiding
This role has contact with all departments across the organisation at a managerial level.
Decision making authority and business impact of role
The role holder assists the Assistant Director IT & Technical Audit in deciding the scope of an audit, identifying expansion needs when necessary, and in deciding on reporting and the type of recommendations that are reported to the parties involved.
Qualifications:
Bachelor's degree in Management Information Systems (MIS), Computer Science, Telecom Engineering or Computer Engineering from a first tier educational institute.
Certification in at least one area (e.g. CISA, CISM, CISSP, GSNA) is preferred.
Commencement of post-graduate study in a related field or profession (e.g., IT auditing, fraud auditing and computer forensics) will be viewed favourably.
Experience:
8 years of work experience.
Minimum 5 years of experience in IT auditing with a telecommunications audit background.