Senior Officer/Officer – IT Audit

Job Scale/ Grade: Up to M6 Min. Experience Required: Minimum 3(three) years of experience related to IT operations or IT/IS audit. Vacancies/Slots: 1 (Islamabad) Key Responsibilities Assist Head of Internal Audit in developing annual/interim risk based IT audit Plan. Conduct risk based IS audits of infrastructure, applications, databases, and IT general controls (ITGC). Evaluate the effectiveness of internal controls related to information security, data privacy, disaster recovery, and business continuity planning. Perform vulnerability assessments, configuration reviews, and compliance testing. Review the effectiveness of IT policies, procedures, and governance frameworks. Prepare clear, concise, and timely audit reports with practical recommendations. Follow up on audit findings to ensure proper remediation and closure. Collaborate with IT and business units to promote continuous improvement in IT risk management. Assist in developing audit programs and risk assessment frameworks. Stay updated on emerging cybersecurity threats, technologies, and industry best practices. Ensure compliance with regulatory frameworks and relevant local/international laws. Perform bank’s various IS / cybersecurity certifications as required by the State Bank of Pakistan (SBP). Perform any other tasks assigned by the Head of Internal Audit to discharge the internal audit functional responsibilities. Any other task assigned by line management. Core Competencies Strong understanding of IT controls, systems architecture, and cybersecurity principles. Familiarity with audit tools and Microsoft/Linux environments. Analytical mindset with strong problem-solving and critical-thinking skills. Excellent report writing, communication, and interpersonal skills. Ability to work independently and in a team environment under tight deadlines. Knowledge of SBP’s guidelines preferred. Qualification: Minimum of 16 (sixteen) years’ education having majored in Computer Science, Information Security, IT, or relevant fields from a leading local or international university recognised by the Higher Education Commission (H.E.C.) of Pakistan. Certified Information Systems Auditor (CISA) will have an added advantage.