IT Auditor

Job Title: IT Auditor

Department: Internal Audit  

Main Role (Overall Accountability)

Conduct audits and report on the technical areas of the Bank’s electronic data processing systems.

 Principal Accountabilities

• Executes audits of computer systems and their environment in the bank and evaluates IT internal controls; as a member of audit team, works collaboratively with management to identify actions needed.
• Reviews IT projects and evaluates project related risks; as a member of audit team, works collaboratively with management to identify actions needed.
• Performs audit procedures, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting client processes and procedures.
• Conducts interviews, reviews document, develops and administers surveys, composes summary memos, and prepares working papers.
• Identifies, develops, and documents audit issues and recommendations using independent judgment concerning areas being reviewed.
• Assists audit manager and/or audit team leader in communicating results of audit and consulting projects via written reports and oral presentations to management and audit committee.
• Develops and maintains productive client and staff relationships through individual contacts and group meetings.
• Pursues professional development opportunities, including external and internal training and professional association memberships, and shares information gained with co-workers.
• Represents internal audit on organizational project teams, at management meetings, and with external organizations.
• Provides or assists in providing training, coaching, and guidance to internal audit staff in conducting audits and other audit-related issues.
• Conducts data extraction, analysis, and security reviews utilizing software tools.
• Acts as liaison with IT business partners to ensure full understanding of data flow, data integrity, and system security.
• Assesses information technology control elements to mitigate IT risks regarding the confidentiality, integrity, and availability of business information.
• Follows up on implementation of audit recommendations.
• Performs related work as assigned by audit management.
• Performs audits at other processing facilities of the bank, which may involve some travel.
• Adheres to all organizational and professional ethical standards. 

 Personnel Specifications

Essential skills

• An effective team player. 
• Inter-personnel skills.
• Effective verbal and written communication
• Active listening
• Negotiation and problem solving 
• Maintain composure under pressure while meeting multiple deadlines.
• Ability to work independently under general supervision with considerable latitude for initiative and independent judgment.
• Ability to establish and maintain harmonious working relationships with co-workers, staff and external contacts, and to work effectively in a professional team environment.
• Knowledge of generally accepted IT audit standards, statements and practices, and IT security and control practices.

 Experience and Qualifications 

• Must be Omani National
• Bachelor’s degree from an accredited college or university.
• 3 years of IT Audit / IT Security experience in an organization with IT profile similar to that of Bank Muscat.
• Ability to gather data from Information systems and analyze it for logical conclusions.
• Skill in assessing the effectiveness of internal controls over key IT risks, identifying significant exposures, analyzing transactions and other management information, and detecting changes in key risks and/or control effectiveness. Skill in developing appropriate recommendations to address exposures.
• Experience in auditing Unix and Windows operating systems.
• Experience in auditing Oracle, SQL Server, DB2, and Access Database Management systems.
• CISA or CISSP or CISM certification preferred.
• Other technical certifications from CISCO, Microsoft etc. will be an advantage.
• Banking operations experience will be an advantage.
• Experience in auditing the following will be an advantage: Firewalls, Routers, Switches, Intrusion Detection/Prevention systems, applications developed in Java, XML, Dot Net framework and core banking systems.