QNB3653 - Associate, Information Security Audit (Qatarization)

About QNB Established in 1964 as the country's first Qatari-owned commercial bank, QNB Group has steadily grown to become the largest bank in the Middle East and Africa (MEA) region. QNB Group's presence through its subsidiaries and associate companies extends to more than 31 countries across three continents providing a comprehensive range of advanced products and services. The total number of employees is more than 28,000 serving up to 20 million customers operating through 1,000 locations, with an ATM network of 4,300 machines. QNB has maintained its position as one of the highest rated regional banks from leading credit rating agencies including Standard & Poor's (A), Moody's (Aa3) and Fitch (A+). The Bank has also been the recipient of many awards from leading international specialised financial publications. Based on the Group's consistent strong financial performance and its expanding international presence, QNB currently ranks as the most valuable bank brand in the Middle East and Africa, according to Brand Finance Magazine. QNB Group has an active community support program and sponsors various social, educational and sporting events.Job SummaryThe incumbent will support audits covering the Information Security Audit portfolio as a member of the Group Internal Audit Function. The role provides independent assurance on the effectiveness of controls over technology risks, cybersecurity threats, data governance, and digital transformation initiatives across the enterprise. It also supports the strategic implementation and integration of advanced data analytics tools and continuous auditing techniques across the audit function to enhance efficiency and real-time risk monitoring. This role requires full compliance with the GIAD Group Audit Manual, IIA standards, and all relevant local regulations and industry IT audit standards. As a member of the Group Internal Audit Function, this role ensures technology risks are effectively integrated into the overall audit strategy and contributes to strengthening the organization's resilience against evolving cyber threats. Main Responsibilities Essential Duties & Responsibilities By DimensionsShareholder & Financial: Contribute to the execution of the risk-based annual plan that aligns with the Group Internal Audit strategy and helps safeguard critical IT assets, data, and systems that underpin the organization's financial operations and shareholder value.Assist in identifying significant IT and cybersecurity risks that could lead to financial loss, operational disruption, or reputational damage, providing actionable recommendations to mitigate these risks.Assess the efficiency and effectiveness of IT investments and technology-related processes.Implements KPIs and best practices for the Global IT and Information Security audit function.Promote cost consciousness and efficiency and enhance productivity, to minimise cost, avoid waste, and optimise benefits for the bank.Act within the limits of the powers delegated to the incumbentDemonstrate clear understanding of the drivers behind the bank's financial & non-financial performance.Customer (Internal & External): Build and maintain strong, independent, and collaborative relationships with relevant business and support function staff and stakeholders across the Group. Communicate complex technical audit findings, cyber risk assessments, and recommendations to senior stakeholders as directed, translating technical jargon into clear business implications. Provide advisory services to IT and business leaders on IT governance, information security, and technology risk management. Assist internal customers in queries on Bank's product and seek solutions. Maintain activities in accordance with SLAs with internal departments to improve turnaround times. Build and maintain strong relationships with related departments to achieve the Group's objectives.Internal (Processes, Products, Regulatory): Act as a team member on audit engagements for the Information Security Audit portfolio across infrastructure, applications, data management, network security, access controls, incident response, and business continuity, in full compliance with GIAD Group Audit Manual, IIA IPPF, and ISACA IT audit standards. Support the team leader in executing engagements, planning risk assessments, fieldwork, reporting, and issue follow up. Ensure collaboration across domestic subsidiaries and control/risk functions. Support the delivery of Information Security audits and assess the adequacy of information security frameworks (e.g., ISO 27001, NIST, COBIT), IT governance, and disaster recovery. Identify and report IT control weaknesses and cybersecurity vulnerabilities with actionable recommendations. Ensure consistent application of IT audit methodologies and incorporate data analytics and continuous auditing into the practice. Stay abreast of global IT trends and develop skills in data analytics and continuous auditing. Maintain compliance with leg