Position Name

Consultant

No. of Position

1

Worksite / Department

Remote / On-site (Internal Audit Office / Internal Audit Department)

Salary & Benefits

-        Net Salary: Negotiable

Job Responsibilities

Audit Planning and Risk Assessment

-        Collaborate with the Internal Audit team to Compile the IT audit universe and develop an annual IT audit plan.

-        Perform risk assessments in line with Companies risk assessment framework to identify critical IT areas requiring audit focus.

-        Assess the alignment of IT strategies with business objectives.

IT Control Evaluation

-        Evaluate the design and operating effectiveness of IT general controls (ITGC), application controls, and system interfaces.

-        Assess compliance with relevant regulations, standards, and best practices (e.g., ISO 27001, COBIT etc.).

-        Audit Execution

-        Conduct IT audits focusing on infrastructure, applications, databases, networks, and cybersecurity.

-        Perform audits of IT governance, disaster recovery, and business continuity plans.

-        Test automated processes, system configurations, and access controls.

-        Identify vulnerabilities and provide recommendations for remediation.

-        Cybersecurity and Data Protection

-        Review the organization's cybersecurity framework and its implementation.

-        Assess data protection practices, including encryption, access management, and incident response protocols.

IT Policy and Procedure Review

-        Review IT-related policies, standards, and procedures to ensure they are up-to-date and effective.

-        Provide input on improving IT policies to align with industry standards.

Audit Reporting

-        Prepare detailed audit reports highlighting findings, risks, root causes and recommendations

-        Present audit results to senior management and Audit Committee of STO.

Advisory and Training

-        Advise the Internal Audit Department and the Audit Committee on emerging IT risks and technologies.

-        Engage the IT audit staff in all tasks and provide on the job training to the staff on IT audit methodologies and tools and conduct IT audit engagements.

Follow-Up

-        Monitor the implementation of agreed-upon corrective actions.

-        Reassess controls to confirm effective remediation of identified risks.

Deliverables

-        Comprehensive IT risk assessment report and IT audit universe.

-        IT audit work plans and engagement documentation including all work papers.

-        Detailed audit findings with actionable recommendations.

-        Final IT audit reports for stakeholders.

-        Training and guidance for IT audit staff.

-        Detailed IT Audit Framework/Manual

Required Qualifications

-        Education: Bachelor’s degree in IT, Computer Science, or related fields.

-        Certifications: CISA, CISSP, CRISC, or similar credentials.

-        Experience: Proven expertise in IT auditing, cybersecurity, and regulatory compliance. Minimum 10 years of experience in IT auditing or leading a team to undertake specific IT audit engagements.

-        Must have performed similar audit engagements within the last two years.

Deadline

31^st December 2024, 1230hrs

How to Apply

Interested candidates please apply online through our job portal https://sto.mv/careers

To process the application, we require necessary documents

You can contact us on 3012404