Information System Internal Auditor

Job Overview

The Information Systems Internal Auditor is responsible for evaluating the effectiveness, efficiency, and
security of an organization’s information systems, technology processes, and controls. This role involves
conducting audits, risk assessments, and compliance reviews to ensure the protection of data, integrity
of systems, and adherence to relevant regulations.
4. Key Responsibilities and Accountabilities:
1. Audit Planning:
• Collaborate with the audit team to develop a risk-based IT audit plan, including defining audit
objectives, scope, and timelines.
• Stay informed about emerging technology risks and industry best practices.
2. IT Auditing:
• Conduct IT audits to assess the adequacy of IT controls, security measures, and compliance with
policies and standards.
• Evaluate the design and effectiveness of information systems, data processing, and technology
3. Cybersecurity Assessment:
• Assess the organization’s cybersecurity posture, including vulnerability assessments and
penetration testing.
• Identify security weaknesses and recommend improvements.

4. Data Privacy and Compliance:
• Ensure compliance with data protection laws and industry-specific regulations.
• Evaluate data handling practices, data access controls, and data encryption.
5. Internal Controls and Risk Management:
• Identify and assess IT-related risks and control weaknesses.
• Provide recommendations to mitigate identified risks and improve control effectiveness.
6. Incident Response and Recovery:
• Assess the organization’s incident response plan and disaster recovery procedures.
• Test and evaluate the organization’s ability to recover from IT-related incidents.
7. Documentation:
• Maintain comprehensive and organized audit documentation, including workpapers, findings,
and recommendations.
8. Report Generation:
• Prepare audit reports summarizing findings, recommendations, and action plans.
• Communicate audit results to management and relevant stakeholders.
9. Recommendations:
• Provide practical recommendations for enhancing information systems security and technology
• Collaborate with IT teams to implement recommended changes.
10. Follow-up Audits:
• Monitor and verify the implementation of audit recommendations and assess their
effectiveness in mitigating risks.


• Bachelor’s degree in Information Technology, Computer Science, or a related field
(relevant certifications such as Certified Information Systems Auditor (CISA) or Certified
Information Security Manager (CISM) may be preferred).
Experience: 3-5 years of proven experience in IT auditing, information security, or related roles.
▪ Strong understanding of IT systems, security, and risk management.
▪ Proficiency in audit methodologies, IT tools, and data analysis.
▪ Excellent analytical, communication, and problem-solving skills.
▪ Attention to detail and ability to work independently and within a team.
▪ Ethical behavior and a commitment to maintaining confidentiality.
▪ Effective time management and multitasking abilities.
▪ Excellent communication skills, both verbal and written.
▪ Adaptability in a fast-paced environment.
▪ Training and development experience.
▪ Industry knowledge related to the organization’s products or services.
▪ Fluent in English, Arabic and/or Kurdish.
▪ Good computer skills.
▪ Able to collate and interpret data from various sources.

