
Dept. Manager - IT Internal Audit (CISA)
Responsibilities
Lead cybersecurity-focused and technology risk audits using a risk-based approach, covering the full audit lifecycle from risk assessment, audit planning, fieldwork execution, to reporting and follow-up.
Plan and perform risk assessments to identify key cybersecurity and technology risks across infrastructure, network, applications, cloud environments, and supporting IT processes.
Assess the design and operating effectiveness of IT and cybersecurity controls.
Review and evaluate cybersecurity practices and remediation progress.
Utilize data analytics and audit tools to enhance audit coverage, identify anomalies, and support continuous monitoring of technology and cyber risks.
Develop clear, risk-based audit findings and recommendations, and communicate audit results to management and stakeholders.
Perform any other tasks or assignments as required.
Qualifications
Bachelor’s degree or higher in Computer Science, Information Technology, Information Systems, Cybersecurity, Engineering, or related fields.
7-10 years of experience in internal or external IT audit, cybersecurity, technology risk, or related fields.
Professional certifications such as CISA, CISSP, CISM, or equivalent are preferred.
Hands-on experience in cybersecurity testing activities, such as penetration testing and vulnerability scanning, is required.
Experience in conducting risk-based IT and cybersecurity audits.
Strong knowledge of IT audit, cybersecurity, and technology risk management concepts.
Solid understanding of IT general controls, cybersecurity controls, and system/application controls.
Ability to lead audit engagements, work independently, and collaborate effectively with cross-functional teams.
Good command of English, both spoken and written.
Ability to lead end-to-end IT and cybersecurity audit engagements using a risk-based approach.
Strong analytical skills to assess control effectiveness and identify technology and cyber risks.
Ability to perform hands-on penetration testing and vulnerability assessments as part of audit activities.
Hands-on experience using security testing tools such as web application scanners and server vulnerability scanners, and the ability to analyze and validate test results.
Ability to evaluate complex IT environments and translate risks into clear audit issues.
Ability to translate technical testing results into clear, risk-based audit findings.
Effective communication skills for presenting audit results to management and stakeholders.
Good stakeholder management and coordination skills across IT and business teams.
Ability to work independently while collaborating effectively as part of a team.