Senior Auditor, IT (Digital Infrastructure)
ADNOC
Job Purpose
Perform assigned audit engagements in the domain of Digital Infrastrcuture, from start to finish, inclusive of preplanning, wrap up activities ensuring application of risk and control concepts to scenarios encountered, and identify any potential issues within ADNOC and Group Companies.
Contribute in the capacity of SME, in the periodic Risk Assessments and development of the Risk-Based Work Plans focusing on Digital and Technology (D&T) risks within ADNOC and Group Companies.
Job Specific Accountabilities (Part 1)
Professional Ethics
• Assist in initiating/promoting the establishment and continuous improvement of the Corporate Governance Framework, including Enterprise Risk Management, Corporate Code of Conduct, Ethics, and Values
Audit Execution
• Perform audits, advisory engagements, and other influencing activities in highly technical areas of current/emerging technologies within ADNOC and Group Companies.
• Develop a detailed audit program / Risk & Control Matrix (RCM) for the assigned audit, including the objectives, potential risk, key controls, audit procedures, and the use of audit techniques and tools to evaluate governance, risks, and controls processes, and submit audit program to the management for review and approval.
• Determine auditing procedures to be applied, including the use of Information Systems Audit Techniques, data analytics, statistical sampling method or others.
• Ensure that adequate working papers and all relevant information are continuously documented and updated in the automated Audit Management System in accordance with pre-defined templates and audit procedures.
• Identify, obtain, analyze and appraise related systems and evidentiary data/information.
• Appraise the adequacy of the corrective actions taken by management on audit recommendations through follow-up audits and periodically review and update the status of management action plans.
• Ensure that approved audit objectives have been met with adequate coverage of all relevant areas and sufficient audit evidence is obtained to support the conclusion and recommendations in accordance with professional audit standards.
• Participate in conducting special reviews and undertakes administrative duties as directed by Management.
• Identify high-risk areas and key control points of the system to be reviewed.
• Adapt the audit approach to the ever-changing technology landscape and deliver critical and complex technology audits that impact the group-wide internal controls.
• Lead the Technology auditors in the examination and analysis of records through executing audit program steps for the assigned audits.
• Supervise audits in accordance with the approved RCM and professional standards on internal auditing.
• Ensure tasks assigned to external or junior staff are adequately performed and deliverables are in accordance with ADNOC Internal Audit procedures and quality standards.
Audit Reports
• Prepare an audit report with a conclusion, expressing professional opinions on the adequacy and effectiveness of risk management, control systems, and the efficiency with which activities are carried out. Recommend improvement options to rectify reported deficiencies for Department Manager's review.
• Recommend practical enhancements in Digital and Technology governance, risks, and control processes to assist in the achievement of the company's business objectives.
• Follow-up on replies to issued draft and final audit reports and review the adequacy of the corrective actions taken on audit recommendations/improvement options.
Job Specific Accountabilities (Part 2)
Coordination
• Assist the Secretary of the Audit Committee in arranging Audit Committee meetings, preparing the agenda and minutes of meetings (MOMs), and reporting on Corporate Governance Framework, General Controls, and other related issues as prescribed in the Audit Committee Charter within ADNOC and Group Companies.
• Assist in the periodic reporting to the Audit Committee and Senior Management on Technology audit activities, performance, significant risk exposures, controls/governance issues, and other related matters within ADNOC and Group Companies within ADNOC and Group Companies.
• Conduct workshops or presentations to create awareness about IA function and demonstrate value addition across the ADNOC.
• Communicate identified issues with Internal Audit management to ensure potential high-risk areas of concern are addressed in a timely and effective manner.
• Provide professional advice on Group Companies' Audit Committee Charter,
IA Charter and Technology Audit Methodology/Procedures. Provide assistance in the establishment of the Group Audit Committees/IA functions and related governance when assigned.
• Participate in initiating and coordinating the Group-wide specialized professional training programs.
• Conduct research and benchmarking to resolve audit issues, identify gaps and support IA function.
• Conduct workshops and presentations on dynamic and complex technology risks to the ADNOC Group Audit Council.
• Conduct advisory activities to improve the status of internal controls in the operational process of AHQ and AGC. Drive implementation of top-down initiatives that originate at the AHQ level, but implementation may span across the group.
• Challenge the status quo to bring continuous improvement over audit delivery.
Job Specific Accountabilities (Part 3)
Generic Accountabilities
Supervision
• Plan, supervise and coordinate all activities in the assigned area to meet functional objectives.
• Mentor and developed the assigned staff on relevant skills to enable them to become proficient on the job and deliver the respective section objectives.
• Plan and supervise AGCs auditors on relevant skills and enable them to fulfil the audit execution of respective technology.
• Evaluate the performance and capabilities of the auditors in AHQ and Group.
• Oversee and manage the Guest Auditor program to ensure successful delivery of the audit scope and objectives.
Budgets
• Provide input for the preparation of the Function / Department / Section budgets, assist in the implementation of the approved Budget, and work plans to deliver Department objectives.
• Investigate and highlight any significant variances to support effective performance and cost control.
Policies, Systems, Processes & Procedures
• Implement approved Function/ Department/ Section policies, processes, systems, standards and procedures in order to support the execution of the work programs in line with Company and International standards.
Performance Management
• Contribute to the achievement of the approved Performance Objectives in line with the Company Performance framework.
Innovation and Continuous Improvement
• Implement new tools and techniques to improve the quality and efficiency of operational processes.
• Identify improvements in internal processes against best practices in pursuit of greater efficiency in line with best industry standards in order to define intelligent solutions for issues confronting the function.
Health, Safety, Environment (HSE) and Sustainability
• Comply with relevant HSE policies, procedures, controls, applicable legislation, and sustainability guidelines in line with international standards, best practices, and the ADNOC Code of Practices.
Reports
• Provide inputs to prepare MIS and progress reports for Company Management.
Generic Accountabilities (continue)
Internal Communications & Working Relationships
• Regular contacts with operational level management within all BLDs within ADNOC and Group Companies.
• Frequent contacts within ADNOC and Group Companies at all levels of Management up to SVPs/Directors with respect to audit programs, the conduct of the audits, audit reports, findings, and recommendations.
• Regular contacts with Management within the assigned ADNOC Group Companies up to Manager level with regards to the Group Company audits.
• Regular contacts with ADNOC Group Companies with respect to knowledge sharing of standards, frameworks, methodologies, policies, and processes across ADNOC and Group Companies.
• Participate in technology risk awareness presentations to senior management, including Group Companies' management and Audit Committees
External Communications & Working Relationships
• Occasional Contacts with Internal Audit Service Provider(s) to coordinate audit activities, when required.
• Occasional Contacts, as required, with Abu Dhabi Accountability Authority (ADAA) regarding government audits when required.
• Occasional Contacts with ADNOC External Auditors and other assurance providers to ensure adequate audit coverage and minimize duplicate efforts when assigne
Minimum Qualification
Minimum Experience, Knowledge & Skills
• 8-10 years of relevant experience in D&T or IT internal auditing, and a minimum of 5+ years of work experience in Digital Infrastructure and cybersecurity domain.
• Advance technical knowledge of core infrastructure, network components (routers, switches, firewalls etc.), cloud security, different operating systems, databases, virtualization technologies and security operations.
• Sound knowledge coupled with extensive experience in technology-related risks in emerging areas such as Cloud, Internet of Things (IoT), Zero-Trust / Defense In-Depth architecture, Identity and Access management, digitalization, automation etc.
• In-depth knowledge of Digital processes, including, but not limited to, business continuity and disaster recovery, enterprise architecture, infrastructure review (on-prem and cloud), access-right management, change management and DevOps etc.
• Experience in conducting vulnerability assessments / penetration testings / bug bounty hunting would be an advantage.
• In-depth knowledge of International Professional Practices Framework for IT Assurance/IT Assurance Framework (ITAF) and other related frameworks/standards (e.g. COBIT, ITIL, ISO27000, ISO22301 NIST) and their interpretation/application to IS/IT auditing practice.
• Experience in managing and tracking time for different Internal Audit-related activities.
• Expertise in collecting and analyzing complex data using data analytics tools, evaluating information and systems, and drawing logical conclusions
• Extensive knowledge of planning and project management areas
• Awareness/knowledge of ERP and Operational Technology (OT) processes and systems. (preferred)
Professional Certifications
• IT audit certification, CISA, is mandatory or willing to obtain within one year of joining.
• Other related certifications (CISSP, CISM, GIAC, etc.) are preferred.
• Technical certifications (CCNA, MCSA, AWS, CCSK, GPENetc.) are desirable.
Work Condition, Physical effort & Work Environment
Physical Effort
Minimal
Work Environment
Normally air-conditioned office environment, however exposed to prevailing weather conditions while in the operating sites / field visits.
Additional Details
Job Family / Sub Family: Governance/Audit
Perform assigned audit engagements in the domain of Digital Infrastrcuture, from start to finish, inclusive of preplanning, wrap up activities ensuring application of risk and control concepts to scenarios encountered, and identify any potential issues within ADNOC and Group Companies.
Contribute in the capacity of SME, in the periodic Risk Assessments and development of the Risk-Based Work Plans focusing on Digital and Technology (D&T) risks within ADNOC and Group Companies.
Job Specific Accountabilities (Part 1)
Professional Ethics
• Assist in initiating/promoting the establishment and continuous improvement of the Corporate Governance Framework, including Enterprise Risk Management, Corporate Code of Conduct, Ethics, and Values
Audit Execution
• Perform audits, advisory engagements, and other influencing activities in highly technical areas of current/emerging technologies within ADNOC and Group Companies.
• Develop a detailed audit program / Risk & Control Matrix (RCM) for the assigned audit, including the objectives, potential risk, key controls, audit procedures, and the use of audit techniques and tools to evaluate governance, risks, and controls processes, and submit audit program to the management for review and approval.
• Determine auditing procedures to be applied, including the use of Information Systems Audit Techniques, data analytics, statistical sampling method or others.
• Ensure that adequate working papers and all relevant information are continuously documented and updated in the automated Audit Management System in accordance with pre-defined templates and audit procedures.
• Identify, obtain, analyze and appraise related systems and evidentiary data/information.
• Appraise the adequacy of the corrective actions taken by management on audit recommendations through follow-up audits and periodically review and update the status of management action plans.
• Ensure that approved audit objectives have been met with adequate coverage of all relevant areas and sufficient audit evidence is obtained to support the conclusion and recommendations in accordance with professional audit standards.
• Participate in conducting special reviews and undertakes administrative duties as directed by Management.
• Identify high-risk areas and key control points of the system to be reviewed.
• Adapt the audit approach to the ever-changing technology landscape and deliver critical and complex technology audits that impact the group-wide internal controls.
• Lead the Technology auditors in the examination and analysis of records through executing audit program steps for the assigned audits.
• Supervise audits in accordance with the approved RCM and professional standards on internal auditing.
• Ensure tasks assigned to external or junior staff are adequately performed and deliverables are in accordance with ADNOC Internal Audit procedures and quality standards.
Audit Reports
• Prepare an audit report with a conclusion, expressing professional opinions on the adequacy and effectiveness of risk management, control systems, and the efficiency with which activities are carried out. Recommend improvement options to rectify reported deficiencies for Department Manager's review.
• Recommend practical enhancements in Digital and Technology governance, risks, and control processes to assist in the achievement of the company's business objectives.
• Follow-up on replies to issued draft and final audit reports and review the adequacy of the corrective actions taken on audit recommendations/improvement options.
Job Specific Accountabilities (Part 2)
Coordination
• Assist the Secretary of the Audit Committee in arranging Audit Committee meetings, preparing the agenda and minutes of meetings (MOMs), and reporting on Corporate Governance Framework, General Controls, and other related issues as prescribed in the Audit Committee Charter within ADNOC and Group Companies.
• Assist in the periodic reporting to the Audit Committee and Senior Management on Technology audit activities, performance, significant risk exposures, controls/governance issues, and other related matters within ADNOC and Group Companies within ADNOC and Group Companies.
• Conduct workshops or presentations to create awareness about IA function and demonstrate value addition across the ADNOC.
• Communicate identified issues with Internal Audit management to ensure potential high-risk areas of concern are addressed in a timely and effective manner.
• Provide professional advice on Group Companies' Audit Committee Charter,
IA Charter and Technology Audit Methodology/Procedures. Provide assistance in the establishment of the Group Audit Committees/IA functions and related governance when assigned.
• Participate in initiating and coordinating the Group-wide specialized professional training programs.
• Conduct research and benchmarking to resolve audit issues, identify gaps and support IA function.
• Conduct workshops and presentations on dynamic and complex technology risks to the ADNOC Group Audit Council.
• Conduct advisory activities to improve the status of internal controls in the operational process of AHQ and AGC. Drive implementation of top-down initiatives that originate at the AHQ level, but implementation may span across the group.
• Challenge the status quo to bring continuous improvement over audit delivery.
Job Specific Accountabilities (Part 3)
Generic Accountabilities
Supervision
• Plan, supervise and coordinate all activities in the assigned area to meet functional objectives.
• Mentor and developed the assigned staff on relevant skills to enable them to become proficient on the job and deliver the respective section objectives.
• Plan and supervise AGCs auditors on relevant skills and enable them to fulfil the audit execution of respective technology.
• Evaluate the performance and capabilities of the auditors in AHQ and Group.
• Oversee and manage the Guest Auditor program to ensure successful delivery of the audit scope and objectives.
Budgets
• Provide input for the preparation of the Function / Department / Section budgets, assist in the implementation of the approved Budget, and work plans to deliver Department objectives.
• Investigate and highlight any significant variances to support effective performance and cost control.
Policies, Systems, Processes & Procedures
• Implement approved Function/ Department/ Section policies, processes, systems, standards and procedures in order to support the execution of the work programs in line with Company and International standards.
Performance Management
• Contribute to the achievement of the approved Performance Objectives in line with the Company Performance framework.
Innovation and Continuous Improvement
• Implement new tools and techniques to improve the quality and efficiency of operational processes.
• Identify improvements in internal processes against best practices in pursuit of greater efficiency in line with best industry standards in order to define intelligent solutions for issues confronting the function.
Health, Safety, Environment (HSE) and Sustainability
• Comply with relevant HSE policies, procedures, controls, applicable legislation, and sustainability guidelines in line with international standards, best practices, and the ADNOC Code of Practices.
Reports
• Provide inputs to prepare MIS and progress reports for Company Management.
Generic Accountabilities (continue)
Internal Communications & Working Relationships
• Regular contacts with operational level management within all BLDs within ADNOC and Group Companies.
• Frequent contacts within ADNOC and Group Companies at all levels of Management up to SVPs/Directors with respect to audit programs, the conduct of the audits, audit reports, findings, and recommendations.
• Regular contacts with Management within the assigned ADNOC Group Companies up to Manager level with regards to the Group Company audits.
• Regular contacts with ADNOC Group Companies with respect to knowledge sharing of standards, frameworks, methodologies, policies, and processes across ADNOC and Group Companies.
• Participate in technology risk awareness presentations to senior management, including Group Companies' management and Audit Committees
External Communications & Working Relationships
• Occasional Contacts with Internal Audit Service Provider(s) to coordinate audit activities, when required.
• Occasional Contacts, as required, with Abu Dhabi Accountability Authority (ADAA) regarding government audits when required.
• Occasional Contacts with ADNOC External Auditors and other assurance providers to ensure adequate audit coverage and minimize duplicate efforts when assigne
Minimum Qualification
- Bachelor's Degree in Computer Science or related Technology discipline, or equivalent discipline.
Minimum Experience, Knowledge & Skills
• 8-10 years of relevant experience in D&T or IT internal auditing, and a minimum of 5+ years of work experience in Digital Infrastructure and cybersecurity domain.
• Advance technical knowledge of core infrastructure, network components (routers, switches, firewalls etc.), cloud security, different operating systems, databases, virtualization technologies and security operations.
• Sound knowledge coupled with extensive experience in technology-related risks in emerging areas such as Cloud, Internet of Things (IoT), Zero-Trust / Defense In-Depth architecture, Identity and Access management, digitalization, automation etc.
• In-depth knowledge of Digital processes, including, but not limited to, business continuity and disaster recovery, enterprise architecture, infrastructure review (on-prem and cloud), access-right management, change management and DevOps etc.
• Experience in conducting vulnerability assessments / penetration testings / bug bounty hunting would be an advantage.
• In-depth knowledge of International Professional Practices Framework for IT Assurance/IT Assurance Framework (ITAF) and other related frameworks/standards (e.g. COBIT, ITIL, ISO27000, ISO22301 NIST) and their interpretation/application to IS/IT auditing practice.
• Experience in managing and tracking time for different Internal Audit-related activities.
• Expertise in collecting and analyzing complex data using data analytics tools, evaluating information and systems, and drawing logical conclusions
• Extensive knowledge of planning and project management areas
• Awareness/knowledge of ERP and Operational Technology (OT) processes and systems. (preferred)
Professional Certifications
• IT audit certification, CISA, is mandatory or willing to obtain within one year of joining.
• Other related certifications (CISSP, CISM, GIAC, etc.) are preferred.
• Technical certifications (CCNA, MCSA, AWS, CCSK, GPENetc.) are desirable.
Work Condition, Physical effort & Work Environment
Physical Effort
Minimal
Work Environment
Normally air-conditioned office environment, however exposed to prevailing weather conditions while in the operating sites / field visits.
Additional Details
Job Family / Sub Family: Governance/Audit
JOB SUMMARY
Senior Auditor, IT (Digital Infrastructure)ADNOC
Abu Dhabi
17 hours ago
N/A
Full-time