IT Audit Specialist

Role ObjectivesAchieving a risk-based audit portfolio allocation in the conventional and sharia business IT areas, developed by following standards and methodologies under the direction of the Head of IT Audit & Data Analytics.Responsible for providing assurance, investigation, and/or advice to ensure the technology lifecycle, from development to operation, runs optimally.Promoting optimal IT General Control practices across the team and guiding, and training other team members.Role AccountabilitiesEnsuring that the annual audit plan is completed on time in accordance with the plan.Ensuring the accuracy of the audit methodology selected and applied according to Bank standards and professional practice.Ensuring that all relevant risks in connection with audit activities are fully covered.Managing the quality of internal audit results (Reports, Recommendations, and Working Papers).Ensuring that audit findings from the portfolio are valid, confirmed, and properly supported/documented.Preparing the draft final audit report for review by the Head of IT Audit & Data Analytics and the Head of SKAI (Internal Audit Unit).Monitoring corrective actions from audit findings until completion.Conducting periodic analysis of the inherent risk profile in the technology area from time to time to meet the audit team's needs to conduct reviews according to urgency.General RequirementsBachelor's degree (S1) (preferably in computer science or informatics engineering).Experience in auditing or managing development systems and technical operational of medium-to-large scale applications with a strong understanding of IT risks and controls for minimum 3 years.Skills & KnowledgePossesses knowledge in the area of ITGC frameworks such as: COBIT, ITIL, ISO 27001, NIST, and banking regulations relevant to IT (e.g., local central bank/financial authority regulations).Possesses knowledge in the areas of application development, system administration, database, and operations.Possesses the ability to analyze matters related to the effectiveness and risk management in IT governance, IT Service Management, and the IT development cycle.Possesses the ability to examine the effectiveness of internal controls both in design and operation, and to explain the associated risk level and recommend improvement strategies.Possesses a deep understanding of IT audit methodology and its implementation.Possesses knowledge and understanding of cloud, DevSecOps, and agile methodology areas, including related risks and controls.Possesses attention to detail regarding technology and cybersecurity controls, as well as strong analytical skills.Possesses the ability to communicate audit findings/results to stakeholders within the organization and offer improvement solutions.Demonstrates critical thinking and problem-solving skills to identify root causes and develop practical, risk-based recommendations.Possesses a strong awareness of technology and cybersecurity trends.Possesses certification in the field of IT Audit (e.g.: CISA) or other relevant IT fields