Senior IT Internal Audit

Skills and Qualifications

• Degree in Computer Science, Management Information Systems, Information Security or another Business-related field is required;
• 3+ years of experience in information systems auditing;
• Fluency in Russian and English languages, Uzbek will be a plus;
• Team player with strong intercultural and communication skills, able to interact with stakeholders at all levels and from different professional areas;
• Working experience in IT/ Cybersecurity field is a plus;
• The following licenses and/or certifications is a plus: CISA, CISM, CISSP, CIA, CFE etc.;
• Financial and IT application experience (S4HANA, SAP CRM, SAP PO, SAP CAR, BW4HANA, 1C БУ, DOCU, EDI) will be a plus.;
• Knowledge and experience in conducting audits applying IT and Cybersecurity control frameworks/standards/practices, including: ISO 27000, ISO 27001, ISO 27701, PCI DSS, COBIT;
• Knowledge of local and international regulatory requirements;
• Basic knowledge of the enterprise IT processes (Access control, Change Management, Patch management, Capacity management, Disaster Recovery, etc.);
• Knowledge of the fundamental principles in IT and Cybersecurity (networks, operating systems, databases, etc.);
• Understanding of the Project Management Methodologies;
• Understanding of the software development process;
• Ability to work under pressure and meet deadlines;
• Critical thinker and curious mindset, able to dive into new topics and approaches in a dynamic environment;
• Independent, analytical and solution-oriented working style;
• Keeps up-to-date on audit procedures and regulations by attending conferences, workshops, and continuing education seminars

Responsibilities

• Examine internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies.
• Conduct IT risk assessment by understanding business objectives, internal controls, enabling technology, and IT infrastructure
• Plan, lead and manage risk-based IT audits over various technologies utilized by the company and various IT functions. Assess both the design and operating effectiveness of internal controls
• Evaluate controls designed to prevent or detect fraud, including management override of controls
• Communicate with management, identify process improvement opportunities, and build relationships with business process owners and management
• Ensure audit documents (process flows, risk assessments, programs, workpapers, etc.) and reports, with minimal revisions required, capture the procedures performed, support conclusions reached, identify internal controls and control weaknesses, and provide value-added recommendations
• Preparing Audit program, IT Internal Audit plan and reports to Internal Audit Head
• Communicate audit results and recommendations both orally and in writing in simplified terms to the relevant staff, including management