Role Purpose
Assist the Senior Manager in planning and executing IT and Information Security audits. Support audit testing, documentation, and reporting while developing technical expertise and professional certifications. Contribute to strengthening Mbank’s IT control environment and compliance posture.
Job Objective
To perform risk-based IT audits and support continuous improvement initiatives. The role focuses on building strong audit skills, understanding regulatory frameworks, and contributing to the team’s success through accurate documentation, timely execution, and proactive learning.
Key Responsibilities
- Audit Planning and Execution
• Assist in preparing audit programs and risk assessments for IT and IS audits.
• Perform control testing for ITGCs, cybersecurity, access management and disaster recovery under supervision.
• Document audit evidence and maintain working papers in line with IIA and ISACA standards.
• Support the Auditor In Charge/ Senior Manager - Technology & Information Security Audits in preparation of the Terms of Reference and Audit Planning Memorandum
- Audit Action Follow-Up and Stakeholder Engagement
• Track remediation of audit findings and verify supporting documentation.
• Support validation testing and maintain accurate records in the Audit Management System (TeamMate).
• Escalate delays or inadequate evidence to the Senior Manager - Technology & Information Security Audits for appropriate management attention.
- Quality and System Enhancement
• Ensure completeness and accuracy of audit documentation.
• Maintain high quality and consistency in working papers, evidence, and reporting through disciplined use of the Audit Management System (TeamMate).
• Suggest improvements for audit processes and leverage data analytics tools where possible.
- Knowledge Building & Development
• Stay updated on emerging IT risks, cybersecurity trends and regulatory changes.
• Participate in internal training and pursue certifications.
- Reporting and Communication
• Prepare audit reports with clear articulation of control weaknesses, business impacts, and practical recommendations.
• Contribute to preparation of summary reports and dashboards for senior management and the Audit Committee.
• Communicate effectively with stakeholders during audits and follow-up activities.
• Escalate significant findings or recurring weaknesses promptly for the Senior Manager and AVP of Technology & Information Security Audits.
Experience & Knowledge
- 4–5 years of experience in IT audit, IT risk, or information security (banking/financial services preferred).
- Bachelor’s degree is a must at a minimum
- CISA certification preferred (or willingness to obtain within 12 months).
- Knowledge of IT General Controls (ITGCs), cybersecurity principles, and application controls.
- Familiarity with regulatory frameworks such as ISO 27001, NESA, COBIT and UAE Central Bank guidelines.
- Exposure to auditing IT governance, cybersecurity, disaster recovery, and vendor risk.
- Understanding of digital banking platforms, cloud environments, and emerging technologies.
- Experience with audit tools and data analytics (Excel, SQL, Power BI, ACL, IDEA is a plus).
Competencies & Skills
- Strong analytical and critical thinking skills to identify control weaknesses and assess risks.
- Detail-oriented with excellent documentation and organizational skills.
- Effective verbal and written communication for clear reporting and stakeholder engagement.
- Ability to work collaboratively in a team and adapt to dynamic environments.
- High ethical standards, integrity, and sound judgment.
- Proactive learner with curiosity for emerging technologies and regulatory changes.
- Skilled in time management to meet audit deadlines under resource constraints.
- Familiarity with audit management systems (e.g., TeamMate) and willingness to learn advanced tools.
