Job Description

JOB PURPOSE: Perform assigned audit engagements, from start to finish, inclusive of preplanning, wrap up activities ensuring application of risk and control concepts to scenarios encountered, and identify any potential issues. Assist in the periodic Risk Assessments and development of the Risk-Based Work Plans focusing on Technology risks.

KEY ACCOUNTABILITIES:

Internal Audit Plan Develop the audit universe to ensure it covers all Operation Technology (OT) risks that could affect the ADNOC Business operations. Develop and implement strategic initiatives (e.g., OT Assurance Plans) that impact the group wide audit plans and oversee the execution to ensure it fulfils the objectives. Analyze audit plans of AGCs and verify for adequacy of coverage and execution. Provide relevant business and technology insights into current, emerging & potential technology issues, trends & opportunities affecting AGCs and BLDs. Audit Execution Perform audits, advisory engagements, and other influencing activities in highly technical areas of current/emerging technologies in AHQ and AGCs. Develop a detailed audit program / Risk & Control Matrix (RCM) for the assigned audit including the objectives, potential risk, key controls, audit procedures and the use of audit techniques and tools to evaluate governance, risks and controls processes, and submit audit program to the management for review and approval. Determine auditing procedures to be applied, including the use of Information Systems Audit Techniques, data analytics, statistical sampling method or others. Establish Centre of Excellence for critical technology areas and provide on-going support to AHQ and AGC auditors and Sr. Auditors during the execution of the audit deliverables. Audit Reports Prepare audit report with conclusion, expressing professional opinions on the adequacy and effectiveness of risk management, control systems and the efficiency with which activities are carried out. Recommend improvement options to rectify reported deficiencies, for Department Manager's review. Recommend practical enhancements in Technology governance, risks, and control processes to assist in the achievement of the company business objectives. Follow-up on replies to issued draft and final audit reports and review the adequacy of the corrective actions taken on audit recommendations / improvement options. Perform quality assurance activities on reports issues by AGCs auditors and service providers. QUALIFICATIONS, EXPERIENCE, KNOWLEDGE & SKILLS: Minimum Qualification Bachelor Degree in Computer Science or related Technology disciplin. Minimum Experience & Knowledge & Skills 10+ years of varied IT experience in oil and gas and minimum of 5+ years work experience in Operational Technology. Expertise on developing OT security programs, and securing OT network architecture. Ideally a solid foundation in OT support in plants which was build up with IT topics like network architectures, network protocols, industrial protocols, Active Directory, Backup processes, virtualization of applications and other general IT knowledge. Expert knowledge of related standards like IEC 62443, NIST 800-82. In-depth knowledge of International Professional Practices Framework for IT Assurance/IT Assurance Framework (ITAF) and other related frameworks/standards (e.g. COBIT, ITIL, ISO27000, NIST) and their interpretation/application to IS/IT auditing practice. Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action. Awareness/knowledge of Operational Technology (OT) processes and systems In-depth knowledge of IT processes including, but not limited to, system development, infrastructure review, access right management and change management. Expertise in collecting and analysing complex data using data analytics tools, evaluating information and systems, and drawing logical conclusions Extensive knowledge of planning and project management areas Advance technical knowledge of different operating systems, databases, network infrastructure components (routers, switches, firewalls etc.) and ERP. Professional Certifications IT audit certification, CISA, is mandatory. The candidate should already possess the certification or ability and willingness to obtain within first year of joining. Specialized OT related certifications or accreditations. Other related certifications (CISSP, CISM, GIAC, GICSP etc.) are preferred.