Principal IT Auditor

My client, an international bank, based in London, are looking for a Principal IT Auditor to join their growing team.

About the Principal IT Auditor role:

The overall purpose of this position is to perform IT and Cyber Security Audit work in accordance with IG standards and methodology in order to strengthen bank’s IT and Cyber Security control environment.

Key Responsibilities of Role:

• Perform Information Technology and Cyber Security audits through comprehensive fieldwork, thorough examination and evaluation of key risks and controls
• When required, lead and/or contribute in special reviews and integrated audits as required by the business and/or regulators
• Perform thorough fieldwork by using a comprehensive and effective testing strategy
• Prepare "easy to follow" work papers with particular focus on traceability and analysis to support findings
• Aggregate facts and articulate draft findings and recommendations in simple and easy to understand manner
• Finalise and distribute draft of audit findings/recommendations to auditees for internal control improvements
• Ensure that the audit deliverables are delivered on time, and with expected quality
• To follow through with auditee on implementation of recommendations and validate if the auditee has implemented the recommended counter measures or controls to address the root cause of the issue in an effective manner
• To contribute to the Information Communication Technology risk assessment of audit universe, establishing a reliable communication channel with the auditees
• Follow audit professional standards and regulatory requirements in the performance of the day-to-day function of internal auditor
• Assist the Head of Assignment to plan each audit prior to the commencement of fieldwork (includes meeting with IT and Bank management, discussing changes/events that have a material impact on the activity, revising/enhancing the examination program and scope as warranted)
• Keep abreast of the evolution of areas like information technology, payment security, data governance, cyber security, auditing standards, banking regulations through training, publications and seminars.

Contributing Responsibilities

• Contribute to the improvement of the Inspection Générale practices through sharing industry and organizational best practices, and influencing constructive ideas towards enhancement of our audit methodologies
• Contribute in periodic audit planning exercise by bringing in expertise and supporting data to highlight key audit areas or risks. 　

Experience, Qualifications & Competencies
Technical and Behavioral Competencies required　

• Strong expertise in IT and Cybersecurity risks and controls (IT security hands-on experience is a plus)
• Intermediate-level data analysis skills
• Conversant with AGILE methodology for the delivery of audits
• Outstanding analytical skills
• Familiar with key banking regulations such as CHAPS, BASEL, PCI DSS, SOX. ISO etc
• Ability to manage and effectively communicate with stakeholders from middle to senior level management
• Ability to synthesize and articulate the core issues in simple English
• Excellent communication and presentation skills (in English)
• High level of initiative, commitment, and drive
• Ability to work effectively under pressure and within short deadlines
• Promotes a constructive, cooperative, and participative teamwork environment

Specific Qualifications　

• Possess a Bachelor’s / Master’s Degree in Information Technology/ Management Information System / Computer Science and related discipline;

• Not less than 3 years of experience in external auditing / internal auditing / IT / risk / compliance / internal control / operations in the financial services industry.

• Professional Qualification/Certificate in Audit, e.g. CISA, CISSP, CISM, CCSP.

Skills Referential
Behavioural Skills:

• Creativity & Innovation / Problem Solving

• Ability to collaborate / Teamwork

• Ability to synthesise / simplify

• Adaptability

Transversal Skills:
Analytical Ability

• Ability to understand, explain and support change

• Ability to anticipate business / strategic evolution

• Ability to inspire others & generate people’s commitment

• Ability to develop and leverage networks

Education Level: Bachelor Degree or equivalent

• Experience Level : At least 3 years

Other/Specific Qualifications (any of these skills is highly appreciated)

• Information Technology – Systems

• Operating Systems : Linux/UNIX, Windows

• Databases Management Systems: Oracle, SQL Server, NoSQL, MariaDB, MongoDB

• Data Analytics: Elasticstack, Kafka, Tableau, Power BI, R, Python (Panda, Matplotlib, SciKit)

• Cloud Technology: AWS, Azure - Containers Kubernetes, Docker

• Programming / scripting: Linux / windows Shell, batch commands / Javascript, Web development framework

Cybersecurity
Tools/Technologies:　

• Identity Access Management: Sailpoint, CyberArk, Oracle Identity Management , Single Sign-On : WEB SSO

• Network Security: Strong network knowledge, (routing, Firewalls), Proxies (WEB, Reverse Proxy),　

• System security

• Security configuration, Patching, vulnerability scanning (Nexpose, Nessus), Active Directory. LDAP

• Application security: OWASP, WAF, Scanning (Qualys, Rapid7, Tripwire, Fortify)

• Penetration Testing / ForensicsTools: Kali Linux (Burpsuite, nmap, zap, dirbuster, metasploit, …)

If the above is of interest please appy to this job advertisement or call me on 0207 509 8040 to find out more