QNB2552 - AVP Global Planning and oversight IT & IS Audit
- Business Unit: QNB - Qatar
- Division: Internal Audit
- Department: Audit & Compliance
- Country: Qatar
- Closing Date: 19-Apr-2023
About QNB
Established in 1964 as the country’s first Qatari-owned commercial bank, QNB Group has steadily grown to become the largest bank in the Middle East and Africa (MEA) region.
QNB Group’s presence through its subsidiaries and associate companies extends to more than 31 countries across three continents providing a comprehensive range of advanced products and services. The total number of employees is more than 28,000 serving up to 20 million customers operating through 1,000 locations, with an ATM network of 4,300 machines.
QNB has maintained its position as one of the highest rated regional banks from leading credit rating agencies including Standard & Poor’s (A), Moody’s (Aa3) and Fitch (A+). The Bank has also been the recipient of many awards from leading international specialised financial publications.
Based on the Group’s consistent strong financial performance and its expanding international presence, QNB currently ranks as the most valuable bank brand in the Middle East and Africa, according to Brand Finance Magazine.
QNB Group has an active community support program and sponsors various social, educational and sporting events.
Role Summary
You will be conducting individual IT audit assignments/ reviews in accordance with the approved audit plan and making practical/ feasible recommendations for mitigating risks/ improving controls and processes. In doing the above, the incumbent will ensure adherence to internal auditing best practices, including but not limited to the Standards for the Professional Practice of Internal Auditing (SPPIA), CoBIT principles and the System Development Life Cycle (SDLC) methodology.
You will also assist in post-implementation reviews of the various information systems used by the Group to support the business as well as pre-implementation reviews for select systems (based on the risk assessment exercise) to ensure adequate system controls are built into the systems during the development stage itself.
In addition to these responsibilities, you will take on the related secondary responsibilities assigned to the IT Audit team in terms of specific activities/ functions to be audited, alongside the primary responsibility with respect to the information system audits.
You will also be responsible for high level oversight and reporting of the IT Audit functions in key International QNB subsidiary companies, in accordance with the principles defined in the QNB International Governance Model.
Subsidiary IT Audit oversight includes:
- Review and comment on subsidiaries’ annual IT risk assessment and IT Audit universe
- Review and comment on subsidiary annual IT Audit plan alignment with risk assessment
- Coordinate inputs to International subsidiary plans – for critical audits (as determined at start of year with Chief Internal Auditor – Global IT & IS Audit and GCAE)
- Monitor Subsidiary progress against their IT Audit plans
- Coordinate resources for audit reviews with PS Domestic & International IT & IS IT Audit such that SME resource is available for subsidiary IT audits, and vice versa when required
- Coordinate periodically (e.g. every 2 years) and help execute a review of each subsidiary’s IT Audit Governance
Responsible for executing specific IT Audit assignments (Infrastructure and Applications) as directed by the Chief Internal Auditor – Global IT & IS Audit and direct manager, in support of the Audit Plan for the Principal Specialist Domestic and International IT & IS Audit.
Role Description
Ensure oversight and reporting of the IT Audit functions in key International QNB subsidiary companies, in accordance with the principles defined in the QNB International Governance Model.
Implement KPIs and best practices for the role.
Promote cost consciousness and efficiency and enhance productivity, to minimize cost, avoid waste, and optimize benefits for the bank.
Act within the limits of the powers delegated to the incumbent and delegate authority to the respective staff and monitor exercise of the same.
Demonstrate clear understanding of the important factors behind the bank's financial & non-financial performance.
Ensure adequate monitoring of subsidiary IT & IS Audit Plans to ensure consistency and quality of audit information.
Manage the relationship with subsidiary and Head Office departments in respect of International subsidiary oversight – with respect to Methodology & QA.
Liaise with the system development/project management personnel within Group IT and the respective vendor personnel (where systems are procured/ developed with external assistance) during the reviews of individual systems.
Responsible for oversight and reporting of the IT Audit functions in key International QNB subsidiary companies, in accordance with the principles defined in the QNB International Governance Model.
Oversee, on a day-to-day basis, the individual assignments comprising the approved plan to ensure that these are being conducted in accordance with the best practices for internal auditing, including but not limited to SPPIA recommendations/ guidelines, CoBIT principles and best practice IT Security and IT Governance guidelines.
Ensure that the audit planning, fieldwork and reporting stages are conducted in consonance with the procedures/ guidelines contained in the internal audit manual, including but not limited to communications to relevant auditee management on audit commencement, presentation of draft reports to auditee management and obtaining their responses and holding of closing meetings.
Perform first level review of all internal audit and other special assignment/ investigation reports and subsequent submission as directed to the Chief Internal Auditor - Global IT & IS Audit.
Determine whether test plans and test scripts are in place and actually used, whether testing conducted on the concerned system was adequate and whether all significant issues are resolved/ requirements of the concerned business users met and their sign-offs obtained before moving the system from the test phase to production.
Review compliance with the approved SDLC methodology in this regard.
Ensure the findings raised are factually correct and adequately reflect the deficiency/ non-compliance noted during the audit process.
Monitor post-audit follow-up of audit reports and ensure compliance with recommendations.
Participate in conducting special audits, and investigation of problem areas or for certain specific reasons, as and when directed by his superiors.
Prepare draft reports on a timely basis for submission to the audit/ assignment in-charge for his review.
Conduct post-audit follow-up of audit reports and ensure compliance with recommendations.
Provision of inputs to direct manager regarding staff training needs and ensure these are reflected in the Division’s training plans.
Identify development opportunities and activities for staff and facilitate/coach them to improve their effectiveness and prepare them to assume greater responsibilities.
Comply with all applicable legal, regulatory and internal compliance requirements including, but not limited to, Group Compliance Policies and Procedures (AML & CTF, Sanctions Policy, Data Protection Policy, Fraud Control Policy, Whistle Blowing Policy, Conflict of Interest and Insider Dealing Policy).
Understand and effectively perform your role under the Three Lines of Defense principle to identify, measure, monitor, manage and report risks.
Support the framework of RCSA, KRI, Incident reporting and remediation, as appropriate, in accordance with the Operational Risk Management requirements.
Attend mandatory (internal and external) seminars as instructed by the Bank.
Unrestricted access at any time to all information, records, personnel and property in Qatar and overseas (as and when applicable) that is required for the effective discharge of the incumbent’s responsibilities.
Maintain utmost confidentiality with respect to the information obtained from auditee management during the course of the audit.
Qualifications
Bachelor's degree in IT or banking or other related subjects.
Professional qualifications such as CISA/ CISSP / CIA / CA/ ACCA etc.
Minimum of 8 years’ experience in IT audit function in a major bank or leading audit firm out of which 5 years in a managerial/senior role.
Required Special Skills:
- Excellent oral and written communication skills in English and Arabic (preferred).
- Proficient knowledge of CoBIT principles, IT Security, IT Governance and related best practices.
- Understanding of banking systems would be an advantage.
- Knowledge of Basel Committee best practices pertaining to the area of responsibility, especially with respect to Business Continuity Management (BCM), including Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).
- Proficiency in risk concepts, banking operations/ systems and any pertinent regulatory requirements related to his sphere of responsibility.
- Well-developed analytical and interpersonal skills.
- Self-motivated, eye for detail.
- Ability to motivate and lead subordinates.
- Ability to persuade others.
- Flexible team player and able to work and deliver under pressure.
- Working knowledge of Computer Assisted Audit Techniques.
Note: you will be required to attach the following:
- Resume/CV
- Passport-size photograph