Cyber and Investigation Audit Lead

OVERVIEW

Position

Cyber & Investigation Audit Lead

Job Code

Reports to

Cyber & Investigation Audit Manager

Direct Reports

-

Division/Section

Technology & Data

Department

NEOM Internal Audit

Sector

N/A

Job Family

Role Purpose

As Cyber & Investigation Audit Lead, you play a pivotal role in the auditing process, positioned strategically between the audit team and management. Your primary responsibilities include coordinating and overseeing the daily activities of the audit team, ensuring the effective execution of cybersecurity & investigations audit plans, and maintaining the highest standards of quality and accuracy. Your expertise in security, auditing principles and practices is vital in guiding the team through complex auditing processes, while also serving as a mentor to junior auditors. You liaise with the Audit Manager to report on audit progress and findings, contributing significantly to the identification and assessment of potential risks. Your role is essential in upholding security compliance with regulatory frameworks and in helping to create a collaborative and knowledge-driven environment within the team.

BACKGROUND, SKILLS & QUALIFICATIONS

• Minimum 4-6 years’ experience in IT related domains, IT Audit or other Risk Management function in large and complex organizations.

Experience required:

• Prior experience and knowledge in audits (planning, leading, and delivering) associated with critical business applications, on-premises & Cloud infrastructure (e.g. Azure, AWS), operating systems (e.g. Windows, Linux), Databases, SAP, third parties, and network components in modern security architecture (Zero Trust).
• Experience and knowledge in Security Standards such as NIST Cyber & Privacy, ISO 27001/2, CIS Controls, and MITRE ATT&CK frameworks.
• Advanced understanding of risk management concepts and techniques.
• Familiarity with advanced IPPF audit standards and regulatory requirements, including Sarbanes-Oxley (SOx).
• Excellent verbal and communication skills in English, in addition Arabic is desired.
• Ability to train and mentor junior auditors.
• Up-to-date with emerging digital and tech landscape and disruptive technology.
• Experience in TeamMate Audit Management Systems is an advantage.

Qualifications required:

• Minimum Bachelor’s degree, preferably in Technology field.
• Relevant professional qualifications (e.g. CISA, CISSP, CISM, GSEC, Security+, COBIT, ITIL etc.) .
• Knowledge on KSA National Cybersecurity Authority (NCA) is a must.
• Security knowledge in critical infrastructure, including OT/IOT is desired.
• Must become a member of the Institute of Internal Auditors (IIA).

KEY ACCOUNTABILITIES & ACTIVITIES

Technical Audit Skills

• Conducts cyber and investigations audits according to the relevant KSA regulatory authorities, and where appropriate, other international/ industry standards.
• Cultivates big-picture perspective by considering the context of processes and maturity of the department, system or facility being audited.
• Develops an understanding of organizational context through thorough determination and understanding of internal and external business risk and non-compliance issues that can impact the organization and its objectives.
• Investigates and understands the root causes of audit findings and uses them as the basis for determining remediation activities and assessing the effectiveness of those actions.
• Demonstrates understanding of auditee perspectives and awareness of business risks and non-compliance challenges faced by stakeholders and show empathy during the process.
• Recognizes opportunities for enhanced quality or efficiencies and challenges with, or considerations of implementing automation, analytics, and AI across each phase of audits.
• Ensures that management are kept abreast of significant audit issues if and when they arise, and that audit findings and next steps are agreed with all relevant stakeholders prior to circulation.
• Performs self-assessment and quality control to ensure audit reports and other deliverables are of sufficient quality when presented to stakeholders and/or Audit Senior Management for review.
• Coordinates with Internal Audit team in following up open and overdue observations.
• Ensures that emerging business risks are proactively understood and reported to audit leadership promptly.
• Manages budget process of all audits on the yearly plan ensuring that costs are managed, and overruns discussed with Manager or Senior Manager in good time.

Management

And Oversight

• Ensures effective team working by providing leadership and performance guidance.
• Participates in on-going IA projects to identify various business risks and non-compliance.
• Ensures effective team working by providing performance guidance and support to the NIA junior audit team members through coaching, feedback, and mentoring.
• Supervises team members during audits to provide on-the-job training and mentoring as required.
• Performs real-time reviews of auditors’ deliverables and provide constructive feedback as and when necessary.
• Ensures that audit methodology and best practices are adhered to during the execution of audits and projects.
• Role model NEOM Values demonstrating effective leadership to all NIA team members.
• Contributes to Thought Leadership initiatives, focused on the relevant global trends to support and develop NEOM approaches, activities, and achievements.
• Adheres to the requirements of the IPPF when planning and conducting an internal audit engagement