Full Job Description
- Develops annual Audit plan in areas of Information Technology including infrastructure, applications, and cloud hosted services.
- Independently carries out IT Audit engagements on critical applications supporting airline operations, cyber security and IT services.
- Engages with IT and Business units for project reviews and consulting engagements as independent IT assurance provider.
- Carries out ad-hoc/special assignments as directed by Head of Internal Audit, in order to investigate incidents, situations, suspected fraud or misconduct and prepare detailed reports with recommendations.
- Assesses and provides guidance to Management on implementing and maintaining compliance to information security and data privacy standards such as PCI DSS, ISR, ISO 27001 and GDPR.
- Updates IT Audit universe as per changing business environment, assess the strategic adoption and use of new technologies.
- Ensures that Audit assignments are conducted in accordance with the International Auditing Standards and Departmental Code of Ethics.
- Communicates effectively and professionally with business units / department management (SVP, VP, Senior Manager and Manager levels) throughout the Audit process, including developing a mutually agreed action plan.
- Maintains Audit management system by periodic follow-up and action plan updates.
- Operates across all areas of the business as subject matter expert in IT Audit with minimal direct supervision.
- Bachelor’s Degree (or equivalent)
- Computer Science/IT
- Preferred No. of Years (with Relevant Degree) – 6
- CISA is mandatory.
- Certified Internal Auditor (CIA), CRISC and ISO 27001 are desirable.
- Cloud professional certifications from AWS, Azure are desirable
- Customer Focus
- Team work
- Effective Communication
- Personal Accountability & Commitment to achieve
- Resilience and Flexibility (Can do attitude)
- Business Acumen
- Inspiring & Developing Others
- Decision Making
Reads and complies with the ISR policies of the Company and diligently reports any weakness or incidents to the respective Line Manager or the Information Security team. Completes all required ISR awareness sessions and follows associated guidelines in the day to day business operations.