GM Internal Audit IT & Cyber Security

Date: 8 Apr 2024

Location: Karachi

Company: KE

Purpose

To lead, plan, develop, implement and manage the KE Enterprise Information Technology Group (ITG) IT/IS & Infrastructure and IT & Operational Technology (OT) Cybersecurity (CS) risk-based audits and/or advisory / consulting engagements covering:

- The IT Architecture, the IT Assets, Services, Applications running the Enterprise & Back-end Support Systems, and the Communication and Facility Infrastructure controls for ITG On-Premise & Public/Private/Hybrid Cloud space.

- The IT Service Management, Application Development, System Integrations, the ISO/IEC Service & Security Management Systems, Governance Frameworks, Risk Management, and the Project Management Office (PMO).

- The Cybersecurity Governance, including Application Security, Vulnerability Management, Penetration Testing & Cybersecurity Operations, Threat Intelligence, Incident Management, Infrastructure Hardening & Patch Management.

Prepare & review draft audit assurance & advisory reports and the assessment of the IT/IS and CS internal control environment; engage the Head of IT/IS, OT, Cybersecurity & Power Generation Audits (Immediate Supervisor) on significant audit findings and provide ready assistance to finalize quarterly reporting of significant findings to the Board Audit Committee (BAC). Engage with the auditee on audit follow-ups & progress on relevant BAC action points. These responsibilities are carried out WITH the objective of implementing the processes for the Audit Universe WITHIN the limitations of the IIA methodology, the Internal Audit Department Manual, the IIA Quality Management Requirements, ISACA (Information Systems Audit and Control Association), the CS/NIST framework, the applicable ISO/IEC standards, the Technology Governance framework, and under guidelines from the Immediate Supervisor and/or Line Management.

Education

BS/BE/BCS/MS/MCS in Computer Science/Computer Engineering; CISA/CISM preferred

Knowledge

  • Enterprise IT/IS Business & Back-end Support Systems & Solutions
  • Public/Private/Hybrid Cloud Infrastructure
  • ISO/IEC Service & CS Management Standards, Technology & Cyber Governance
  • Technology & CS Business Processes
  • Total Quality & Process documentation
  • The IIA Controls, The IPPF & Global Technology Audit Guidelines (GTAG), ISACA

Experience

12-15 years of experience in the Utility / Corporate sector, with at least 4-5 years in Senior Management

Area of Responsibilities

Planning and Risk Assessment 20%

  • Develop the IT/IS & Cybersecurity Annual Audit Plan; determine the direction and order of the different planned and ad-hoc audit assurance and advisory/consulting engagements. Ensure that the IT/IS and CS audit universe is properly developed, is subject to timely review, and is improved/updated in line with the organization's Technology & CS changes (incl. Rescale, Upgrade, Replacement, Expansion)
  • Ensure that the audit universe risk is assessed per the IA risk assessment framework; to ensure correctness of the qualitative assessment, connect with the auditee/line management for improved comprehension of the IT/IS and CS risks, leveraging the ERM risk register and future/strategic ITG and CS plans
  • Prepare the draft Annual IT/IS & CS audit plan with justification for immediate supervisor review, deliberation & finalization before it is moved to the Head of IA (or CIA) and then to the BAC for approval
  • Ensure maintenance of the IT/IS & CS audit service edict and the audit taxonomy; participate in IA leadership discussions on audit operations, direction, impact & value creation, digitalization, training, quality management and any other matter of significance

Supervision and Review of Audit Execution 35%

  • Determine the scope of the audit and review the adequacy of audit objectives. Ensure coverage of all key business processes associated with the entity being audited; finalize the initial and final risk assessment of business processes and ensure that it is in line with business understanding
  • Review the appropriateness of audit procedures in the audit program and ensure the complete population is captured; ensure the audit execution, objectives & audit program are continually recorded in the Audit Management Solution; ensure CAAT implementation and use of audit / data analytic tools & services
  • Coordinate with the auditee line and/or management to address delays, especially in areas including but not limited to facilitating access to the audited IT and CS systems/solutions, process documentation, policies, and SOPs
  • Review the risk ratings of audit observations based on the Risk Rating Methodology; provide insight on new standards, guidelines, technologies and tools to better manage audits, consulting engagements & presentations

Reporting & Follow Up 25%

  • Review the draft audit report with observations, findings (& evidence) and recommendations submitted by the line, and carry out an internal review to ensure completeness & direction of the content, relevance of risk exposure, practicality of the recommendations, etc., improving it as appropriate in preparation for immediate supervisor review & discussion
  • Share the audit report with the line to form concurrence on the reported findings and make necessary corrections, if required, followed by circulation of the draft report (observation + implication + recommendations) to the line section head / department head for management comments & action plans to address the control gaps identified
  • Prepare interactive, engaging and impactful presentations for the BAC on significant IA findings in coordination with the immediate supervisor, and obtain updates from the auditee on progress against BAC action items
  • Engage with the immediate supervisor on the draft IA report; carry out (as deemed appropriate) data validation and verification; engage & coordinate with the line on the relevance & completeness of submitted management comments, the responsibility for action execution & the implementation timeline

Consulting Activities 10%

  • Review a hand-picked business process and/or policy, or a request for the same, raised by the auditee, the BAC/Board, the CIA/IA leadership and/or the immediate supervisor
  • Deliver, as deemed fit, IA advisory / consulting services to the ITG, the user and/or CS department on IT/IS and/or CS controls, planning, digitalization, regulatory matters, scalability, etc., within the purview of the IIA-IPPF and/or ISACA framework / practices

Administrative Activities 10%

  • Assist in calculating the annual cost allocation for department positions, IT/IS system trainings and the budget for IT systems/licenses; manage system requirements for the different CAATT, audit management & business intelligence applications/solutions
  • Ensure ITG is engaged on planning, sizing of infrastructure and procurement of the IA digitalization interventions, and that their content is covered by backup & recovery as part of the ITG disaster recovery plan
  • Prepare the IT software & hardware related budgetary requirements for the IA Department