- Handling and leading IT Audit assignments which cover planning audit engagements, preparing related risk assessment and audit programs, testing the controls and reporting recommendations for identified risks.- Reviewing and evaluating the effectiveness of the bank's information security controls and IT risk management methodology. - Participating in audit engagements for the bank's subsidiaries and overseas branches e.g. Malaysia, Jordan and Kuwait businesses, to evaluate the adequacy of their internal control, governance and risk management. - Responsible for preparing audit status reports for the bank's High Management Committee and Audit Committee.- Acting as the backup for the IT Audit director in managing IT Audit staff and related IT audit assignments during my director leaves.

Handling IT Audit engagements in the CITC.Conduct a comprehensive audit assignment for Information Security Department in alignment with ISO27001 standards and related requirements. Assist Internal Audit Head in restructuring audit process and methodology and preparing Quarterly Audit Reports required to be submitted to the organization's management.

- Establish the IT Audit Function within the organization and prepare IT Audit Methodology and related work guidelines that covers audit planning, fieldwork and reporting. - Conduct risk assessments for IT assets (IT systems, processes, services) for the purpose of preparing effective IT Audit plan.- Perform some audit engagements such as IT Quality Audit, IT Management Structure Audit, Pension & Investment Applications Audit and evaluating the level of compliance with the ISO27001 requirements. - Establishing an effective quality and reporting methodology for Internal Audit function, and preparing adequate internal self-assessment for Internal Audit function. - Secretary of the organization’s Audit Committee, and responsible for arranging the quarterly meeting, prepare Quarterly Audit Reports, and Audit Committee Reports and recommendations that will be raised to the Board of Directors.- Selected by the organization's management as an Audit Committee member in Raysan Arabian Real Estate Development Company.- Selected by the organization's management as independent observer member in both Business Continuity and Information Security Committees.

Perform risk assessments for the development of the annual audit plan focusing on IT applications, information, processes, and governance, and the planning of audit engagements;Perform detailed review of Information Technology which will cover application, DB and OS. Also, reviewing the IT services and processes such as Change Management, Business Continuity etc.Assess the effectiveness and efficiencies of internal controls for the processes audited and makes recommendations for continuous improvement. Regularly inform the Head of IT Audit of the status of the audits in progress and of any significant issues on a timely basis;Discuss, as appropriate, on a timely manner audit findings with the management of audited area to clarify or confirm findings;Prepares the draft audit report to be discussed during the closing meeting;and then finalizing the Final Audit Report. Perform additional duties as assigned by the Internal Audit management such as preparing the audit status report every 2 months regarding all issues in the Bank which will be represented to the Audit Committee and all respective GMs (Head of Bank's Groups)Perform the first line of technical and operational support regarding the Audit Software that we are using in the Bank for both Audit Coordinators (in all business areas) and Auditors.

Examining, reviewing and evaluating IT related controls. This includes reviewing the following: Physical Security controls to ensure that only authorized personnel are allowed to access a facility, resource, or information. Logical Access to ensure that access is granted based on business need and make sure that user access reviews are performed in regular basis based on the criticality of the system and also based on Business Impact Analysis (BIA).Change management processes/procedures to ensure that changes are authorized and they meet business requirements.Source code/version control procedures to ensure the integrity of the program code.SDLC process and procedure to ensure that IT projects are effectively managed.Problem/Incident management procedure to ensure that operational processing errors/incidents are addressed and also to make sure that first line support are working effectivelyHardware/software configuration, installation and testing to ensure they have been configured & installed based on the standards.BCP, DRP and backup to ensure the business continuity incase of any disaster.Agreements e.g. SLAs, Escrow agreements and Non-Disclosure agreements (confidentiality agreements) to ensure they are in place.KPIs / KRIs are identified and documented to ensure the success of the particular activities and to ensure that a risk occurs is prevented/mitigated. Also, I have participated in some Business Continuity tests as Test Monitor to ensure the success of the test and also to provide test coordinator with any comments or observations. Audit Assignments conducted include: Data Center, Information Management, Active Directory, Change Management, Call Center, Internet Banking, Retail Core Systems, Network Management etc.