IT Auditor - 6 months project - Saudi - immediate Join

Duration: 6 Months (Extendable up to 1 Year)

Location: Riyadh, Saudi Arabia

Department: Technology Department

1. Role Summary

We are seeking a highly skilled IT Audit & GRC Specialist for a secondment engagement within the

Technology Department. The role will support comprehensive assessments of IT controls,

governance, project management, data protection, and system processes across the technology

landscape. The specialist will play a key role in improving IT governance, operational resilience,

and control effectiveness.

2. Key Responsibilities

A. IT Audit & Technology Risk Assessment

- Perform risk-based IT control reviews across infrastructure, applications, and operations.

- Conduct technology risk assessments and identify key vulnerabilities.

- Evaluate the effectiveness of IT General Controls (ITGC), including access, change, and

operations.

- Review core business and operational applications for configuration, security, and control gaps.

B. Third-Party & Vendor Risk Management

- Conduct detailed third-party and vendor risk assessments.

- Review contractual compliance, SLA management, and cybersecurity requirements.

- Evaluate outsourcing risks in alignment with regulatory and industry best practices.

C. IT Strategic Projects & SDLC Review

- Review governance of major technology initiatives and strategic IT projects.

- Assess SDLC practices, including development, testing, deployment, and post-implementation

reviews.

- Review project documentation, quality assurance activities, and change controls.

D. Technology Operations & Service Management

- Assess IT Service Management (ITSM) processes such as incident, problem, and change

management.

- Review IT Quality Management processes to ensure standards and documentation integrity.

- Evaluate IT Asset Management, including asset lifecycle, tracking, and physical/logical controls.

E. Data Governance, Backup & Recovery

- Review data governance policies, roles, ownership, and data classification practices.

- Assess database security, access management, monitoring, and hardening activities.

- Evaluate backup processes, retention policies, and disaster recovery alignment with RPO/RTO

targets.

- Review overall technology resilience and data protection controls.

F. Reporting & Advisory

- Prepare structured assessment reports and improvement recommendations.

- Present findings to Technology Department leadership and support remediation planning.

- Provide advisory guidance on improving IT governance, cybersecurity posture, and operational

controls.

3. Experience Required

- 4 to 7 years of experience in IT Audit, GRC, Technology Controls, or related fields.

- Preferably from Big 4 or reputable consulting firms.

- Experience working with Banking, Insurance, or Financial Institutions (DFIs).

4. Qualifications

- Bachelor’s degree in Computer Science, Information Technology, or Cybersecurity.

- Professional certifications: CISA (mandatory or in progress), CRISC preferred.

- Knowledge of COBIT, ISO 27001, ITIL, NIST CSF, and other relevant frameworks.

5. Engagement Details

- Secondment duration: 6 months, extendable up to 1 year based on performance requirements.

- Reporting to: Technology Department leadership and project owners.

- Work Model: Onsite

6. Behavioral Competencies

- Strong analytical and problem-solving skills.

- Excellent communication and documentation capabilities.

- Ability to work independently and collaboratively within the Technology Department.

- High level of professionalism, confidentiality, and organizational awareness.