IT Internal Auditor

AlUla Club is seeking a detail-oriented IT Internal Auditor to enhance and support our auditing processes related to information technology. The IT Internal Auditor will be responsible for evaluating the Club's IT controls, security measures, and infrastructure to ensure that technological systems are safeguarded against risks, comply with relevant regulations, and provide reliable operational support.

Responsibilities

• Identify, assess, and monitor IT-related risks, including cybersecurity threats, data privacy concerns, cloud security risks, and IT governance vulnerabilities.
• Develop and maintain an IT Risk Control Matrix (RCM) mapping key risks, controls, and testing procedures.
• Assist in developing and executing an annual IT audit plan based on risk assessment results and business priorities.
• Conduct audits on IT general controls (ITGCs), application controls, network security, cloud security, and access management.
• Review user access management, segregation of duties (SoD), identity & access management (IAM), privileged access security (PAM), and role-based access controls (RBAC).
• Assess change management and IT service operations, including patch management, software development life cycle (SDLC), and DevOps practices.
• Review IT incident response and problem management processes.
• Assess third-party and vendor IT security risks, including cloud service providers and outsourced IT services.
• Evaluate IT disaster recovery (DR) and business continuity plans (BCP) for adequacy, resilience and effectiveness.
• Perform penetration testing and vulnerability assessments in coordination with IT security teams.
• Assess firewall configurations, intrusion detection and prevention systems (IDS/IPS), endpoint security solutions, and SIEM (Security Information and Event Management) tools for compliance with cybersecurity policies.
• Evaluate encryption standards, data loss prevention (DLP) solutions, and data classification controls to safeguard sensitive and regulated data.
• Evaluate the effectiveness and efficiency of internal controls over operational processes, financial reporting, and regulatory compliance.
• Prepare detailed audit reports summarizing IT risks, control weaknesses, and recommendations.
• Communicate findings with IT management and senior leadership, ensuring understanding and agreement on corrective actions.
• Maintain an IT audit issue tracking system to monitor remediation efforts.
• Follow up with management to ensure timely implementation of audit recommendations.
• Continuously update IT audit methodologies to address emerging cyber threats and technology risks.