Role Profile: Vertical Head Information Systems (IS) Audit
The Vertical Head of IS Audit is a senior leadership position responsible for the end-to-end strategy, development, and execution of Information Systems, IT Infrastructure, and Information Security audits across the organization. This role ensures the proactive identification and mitigation of digital risks in a complex, large-scale environment.
Core Objectives
• Strategic Leadership: Develop a comprehensive IS Audit strategy and annual plan aligned with organizational goals, digital maturity, and regulatory requirements.
• Risk Mitigation: Proactively identify and manage risks across Cyber Security, Cloud, Data Privacy, and emerging digital technologies.
• Compliance & Standards: Ensure audit coverage meets internal policies, professional auditing standards, and multi-regulator legal frameworks.
• Technological Integration: Drive the use of advanced data analytics, forensic techniques, and automated testing to enhance audit effectiveness.
Key Responsibilities
1. Audit Strategy & Execution
• Massive-Scale Testing: Oversee the testing of 3,000+ controls covering IT applications and infrastructure processes.
• Application & Process Reviews: Conduct reviews of 1,500+ application controls and 1,500+ process controls to identify vulnerabilities and recommend systemic improvements.
• Specialized Audits: Lead high-impact audits (10+) in Cyber Security, Cloud, and Network Security, plus 200+ data sensitivity reviews focusing on the full data lifecycle.
• Third-Party Assurance: Audit data centers and third-party partners/vendors to ensure SLA compliance and robust data leakage prevention.
2. Continuous Monitoring & Innovation
• Automation: Implement a continuous monitoring framework by developing 5,000+ automated tests for real-time risk assessment.
• Dynamic Response: Identify risk "hotspots" and execute unplanned investigations based on regulatory directives or board requests.
• Trend Alignment: Keep the organization at the forefront of emerging audit trends and digital technology risks.
3. Stakeholder & People Management
• Engagement: Partner with Business, Technology, and Functional leaders to elevate the maturity of the control environment.
• Reporting: Deliver high-level communication and reporting to regulators, Board Committees, and Senior Management.
• Team Leadership: Recruit, nurture, and develop a specialized, high-performing IS Audit team capable of handling complex forensic and technical reviews.
Scope of Coverage
The role monitors a vast technical landscape, including:
• Security: Cyber, Cloud, Network, Data, and Endpoint Security.
• Operations: IT Disaster Recovery (DR), Business Continuity (BCP), Change Management, and Incident Management.
• Infrastructure: Database & OS Management, Data Centers, and Logical/Physical Access.
• Compliance: Data Privacy, Regulatory Circulars, and Project Management.