Manager Internal Audit - Information Technology

Established in 2004, Dubai Holding is a global investment company with investments in more than 34 countries and a combined workforce of nearly 45,000 individuals. In line with the vision of Dubai's leadership and economic diversification strategy, Dubai Holding companies have nurtured sectors, irrevocably transforming Dubai's socio-economic landscape and positioning Dubai as a diversified, globally integrated economy.

Dubai Holding is committed to the diversification of Dubai's non-oil economy. Our portfolio, valued at over AED 280+ billion, spans 10 sectors, including real estate, hospitality, leisure & entertainment, ICT, design, education, media, retail, manufacturing & logistics, and science.

For the Good of Tomorrow

Dubai Holding is currently seeking a Manager - Internal Audit, Information Technology, reporting to the Associate Director - Technology Audit. You will be responsible to provide independent and objective assurance, advisory and make recommendations on the effectiveness of the Group's corporate governance, risk management and internal controls including security controls, thereby minimizing the risk of security breaches and protecting sensitive information.

You will also carry out activities in accordance with the Group-wide Audit Manual and International Standards for the Professional Practice of Internal Audit.

If you have got talent, customer service mindset and are looking for a stimulating and rewarding career, we would like to hear from you.

Key Accountabilities

• Manage the implementation of the three year and annual audit plan through the audit of the relevant BU's, functions and processes, as per the annual audit plan, covering departmental policies and procedures, system controls, economic frameworks etc., to ensure that all corporate risks and deviations are identified.

• Collaborate closely with process owners and Management to develop and follow up on suitable preventive / corrective action plans in response to the internal audits irregularities or areas of non-compliance identified, thus enabling efficient turn-around and risk mitigation.

• Assess effectiveness of internal controls related to IT systems that includes examining the security measures in place for both traditional IT systems and cloud-based environments and process and recommending improvements as necessary.

• Review design and implementation of information systems, evaluate their security features and ensure they meet business requirements.

• Steer internal audit activities including the audit of areas such as IT Infrastructure, application general controls, database management, cloud environment and information security operations, Enterprise Architecture (EA), data management and resilience by design depending on risks identified and highlight non-conformances and facilitate their prompt mitigation.

• Oversee and quality assure the development of audit reports to make sure that they contain comprehensive and accurate observations and findings and provide value-adding recommendations to the functional areas.

• Identify continuous improvement initiatives in order to provide an effective and professional audit service to meet the needs of the quarterly Executive Summary to DH Senior Management.

• Monitor the implementation of corrective actions identified against any audit irregularities or areas of non-compliance to ensure they are corrected on time and to keep the line manager informed of any discrepancies or delays.

• Analyzing the different risks of using emerging technology (AI, Blockchain, IoT) in organizational processes and procedures and producing RACI matrices.

• Performing technical reviews including cyber, website, mobile apps, RPA along with code reviews processes.

• Ensuring that cyber and physical assets are safeguarded by assessing controls implemented for robust functionality to be present within organization owned systems and products.

• Stay abreast of emerging technologies, threats, and security best practices.

Who We Are Looking For

• 8 to 12 years of relevant experience years of internal and/or external audit experience.

• Strong understanding of governance models, audit and audit reporting best practice in the respective Industry Domain.

• Strong understanding of risk assessment and treatment.

• Strong understanding of IT systems, cloud computing, and cyber security principles.

• Experience in conducting security audits and risk assessments.

• Knowledge of relevant regulations and compliance frameworks such as UAE Personal Data Protection Law and GDPR.

• Capable to conduct regular security audits to evaluate the effectiveness of existing security measures and recommending improvements.

• Continuous auditing using system generated evidence and maturity scoring.

• Strong inter-personal skills and an ability to connect with people at all levels to drive successful relationships.

• Good understanding of Information Security incident management, security event logging and monitoring and best practices for secure network architecture.

• Strong understanding of Vulnerability Assessment and Penetration Testing process and assessment of the control implementation status.

• Excellent English written and verbal communication and interpersonal skills, computer literate.

• Strong understanding and hands-on experience in Audit Management software and data analytics tools.

• Knowledge of project management methodologies including Agile methodologies.

• Familiar with statistical analysis, predictive analysis, and forecasting data models.

• Familiar with creating reports and presentations for senior executives.

• Familiar with ways of procuring evidence for auditing purposes.

• Familiar with Git branching and repository management.

• Familiar with software development lifecycle (SDLC) modules and sub-modules.

• Familiar with data analytics tools like power BI / tableau. move from sampling to population testing.

Education / Professional Certifications

• Bachelor's degree in information technology, cyber security, or a related field.

• Professional certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), or equivalent.

Technical Competencies

• Internal audit methodology and IA reporting technology.

• Risk management and forensics.

• Secure network architecture and security testing.

• Data analysis and technical writing.

• Adequate knowledge of legal requirements within the UAE, international internal audit standards and requirements.

• Excellent service delivery and process management skills.

• Excellent analytical capabilities.

• Handson experience in information security operation and cloud administration is a plus.

As much as we would be delighted to entertain all applicants, due to high volumes of applications only successful applicants will be contacted within 14 business days.

This job description is not all inclusive. Dubai Holding reserves the right to amend this job description at any time. Dubai Holding is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.