Role Objective

The Manager Internal Audit – IT and Automation is responsible evaluate the effectiveness of IT risk management, IT Security, control and governance processes. Manager Internal Audit – IT and Automation will plan and execute the entire IT audit operations to identify potential risk in the overall business operations related of the company related to IT. Should possess continuous risk monitoring capabilities with a view to continuously monitor key IT risks and facilitate timely mitigation of the same to acceptable levels by giving value added recommendations. Manager Internal Audit – IT and Automation will support Internal Audit Vice President to identify and implement various automation strategies in the audit department to enhance effectiveness and efficiency in the overall procedures.

Duties and Responsibilities

IT Audit and Automation Planning

• Actively contribute in developing the IT audit strategy for the company in line with IT audit trends and legal stipulations and business plan / objective set by the executive management / mandate given by the Audit and Risk Committee.

• Design and develop the IT audit universe representing the potential range of all audit activities comprising of a number of auditable areas (strategic, operational, IT infrastructure, technology platforms, business applications, IT processes).

• Develop the annual IT audit plan ensuring the IT audit universe is adequately covered considering the risk exposure, significance, and the quality of internal control environments that exist to mitigate risks.

• Design and develop a risk-based audit approach to identify and assess the exposure of the company to IT related business risks and rank them for priority in the context of the audit objectives.

• Design and develop an audit cycle to adequately cover the identified IT related business risks.

• Play a proactive role in designing and developing a training and career development plan.

• Design and develop the automation strategy within IA Department with major focus on enhancing the utilization of Audit Management Software and setting up a data analytics framework to implement continuous auditing and continuous monitoring concepts.

IT Audit and Automation Operations

• Lead the initiatives for developing and documenting standards audit methodology for planning, executing audits, monitoring audit progress, resolving audit issues, communicating audit findings and monitoring the progress of management remediation plans.

• Lead a two-way discussion with Senior Management to define audit coverage for specific audit engagements.

• Maintain effective relationship with Senior Management on audit scope, issues resolution and remediation plans, through continuous feedback mechanism.

• Build a solid working relationship with clients through continuous effective communication and client collaboration.

• Oversee application audits, technology audits and IT process audits to ensure audits are carried out as per audit plan and in line with International Standards for the Professional Practice of Internal Auditing (“ISPPIA”).

• Prepare detailed audit programs for specific IT Audits, execute it after approval from Internal Audit Vice President for completeness of coverage of inherent risks identified.

• Manage the audits on technology platform, infrastructure and general computer controls. Evaluate key IT processes, internal controls and systems to assess their adequacy and effectiveness (including the systems established to ensure compliance with laws and regulations and to safeguard assets);

• Prepare summary of significant findings for the audit committee highlighting high risk areas.

• Conduct IT related fraud investigations based on audit findings and/or as requested by Management.

Risk Assessment and Compliance

• Carry out in-depth risk assessment for the areas under audit related to Information Technologies and Automation.

• Identify potential risks and recommend control improvements to mitigate them effectively, safeguarding the organization's assets and ensuring business continuity.

• Monitor and assess changes in the business environment to adapt IT audit plans, proactively addressing compliance requirements and mitigating potential risks.

• Stay up to date with industry trends and regulatory changes that may impact the organization, providing guidance and support to ensure compliance.

Compliance and Governance

• Ensure the organization complies with relevant laws, regulations, and internal policies, establishing a culture of integrity and accountability.

• Oversee development and implementation of compliance programs, establishing robust controls and mitigating compliance risks.

• Track the implementation of IT audit recommendations and provide periodic updates to senior management on the status of corrective actions, ensuring identified issues are effectively addressed and risks are mitigated by the team.

Documentation and Reporting

• Ensure that IT audit documentation is accurate, complete, and in compliance with audit standards, maintaining the highest level of quality and integrity.

• Prepare clear and concise IT audit reports, highlighting findings, recommendations, and action plans for senior management's review and follow-up, enabling informed decision-making, promoting accountability, and driving continuous improvement.

• Ensure that all audit projects are adequately documented along with all supporting documents.

Automation and Continuous Monitoring

• Conceive, design and develop a comprehensive continuous risk monitoring approach and automation in the audit processes, which enables the Internal Audit Department to provide a risk-based audit coverage.

• Design, Develop, Deploy and Manage the continuous risk monitoring methodology and capability to implement the above strategy, using appropriate technological platforms and tools with a view to monitor key risks on an ongoing basis, so that the “red flags” defined based on the criteria set by Audit Committee/Executive Management are monitored on an ongoing basis.

• Guide, Advice and Influence Internal Audit teams members to adopt continuous risk monitoring methodology in their respective audit entities with a view to focus on key risk areas so that audit resources are optimally utilized, and shorter audit cycle times are achieved.

• Influence business line managers to act on the exceptions highlighted by the automated risk monitoring analytics and establish an ongoing communication with them regarding to follow-up on the actions taken by them to mitigate the risks.

Other Support

• Support VP Internal Audit in the Audit Committee and Management for:

• Implementation of new projects

• Process re-engineering

• Review of policies and procedures manuals

• Other ad-hoc assignments as requested by Management and the Board from time to time.

Continuous Improvement

• Report on the process of continuous review and improvement throughout the department.

• Utilize knowledge of industry best practices, technological advancements, and pertinent research to form an informed perspective on opportunities and obstacles.

Audit Liaison

• Ensure proper liaison with Internal Audit Vice President.

• Collaborate and communicate with external or state auditors to identify areas requiring support.

Education & Experience

 Bachelor’s degree in Information Technology related discipline. Postgraduate degree will be an asset.

 Professional qualifications: - Certified Information Systems Auditor (CISA)

 Additional certifications such as Certified Internal Auditor (‘CIA’), CISM, CISSP preferable.

 8+ years of experience in an Internal Audit role Audit or Information Technology function with a minimum of 3 years in a management position, experience in the airline industry will be preferred.

 Strong interpersonal and communication skills, both written and verbal, in English.

 Strong ethical conduct with dedication to maintaining ethical standards across all compliance matters and adhering to the aviation industry laws and Code of Conduct.

 Demonstrated outstanding organizational and leadership abilities.

Special Skills & Knowledge

 Proficiency in MS Office.

 Ability to adhere / maintain office confidentiality.

 High Customer Service orientation with excellent communication skills.

 Strong understanding of UNIX and Windows operating systems, Sybase, Oracle and SQL databases, client-server and web-based technologies; performing program control reviews using COBOL, C++, C#, JAVA, PERL, SQL, VB; and analyzing and opining on the design and effectiveness of IT controls within the areas of application change management, performance and capacity, data interfaces, business continuity, backups and recovery, and end-user computing.

 Expert knowledge of data analytics tool (ACL/ IDEA or similar tools)

 Solid understanding of internal controls concepts (COBIT, COSO, ISO 27002, ITIL, NIST)

 Good Team Management Skills.

 Proficiency in English (must) and Arabic (preferred).