IT Security Lead Internal Auditor (for Philippine Residents ONLY)

Job Purpose

To support Internal Audit in the discharge of its duties by evaluating the relevance, effectiveness and efficiency of ICRC’s governance, risk-management and control processes at headquarters and in the field.

His/her specific focus within Internal Audit will be on information technology security, while also contributing to other assignments.

Main Responsibilities

As a member of the team, you will perform the following tasks on the basis of the International Professional Practice Framework (IPPF) of the Institute of Internal Auditors (IIA):

• Perform audit engagement as per the approved annual audit plan.
• Evaluate:
• the ICRC’s governance, risk management, internal control systems, strategies and operations;
• the ICRC’s compliance with laws, regulations, strategies, policies and procedures in place;
• whether the ICRC’s resources are used in an effective and efficient manner and are protected adequately;
• key information security risks including confidentiality, integrity and effectiveness of use of technology components through review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defence in depth strategies.
• Write audit reports and communicate results and recommendations.
• Contribute to the methodology and strategy of Internal Audit and support the team in studying and identifying trends in key areas of concern.
• Maintain high quality work standards and remain up to date with the evolution of standards and practices.
• May coordinate a small team in the conduct of audit engagements in complex environments.
• Provide expertise and input as per your area(s) of specialization into audit assignments or investigations, as needed / requested by the Internal Audit management.
• Improve data-related internal audit processes and effectiveness through proactive automation and analysis, where appropriate

Selection Requirements and Profile

• Advanced university degree in a relevant field.
• Experience of 12-15 years in conducting vulnerability assessments, penetration testing, security risk assessments and similar IT security audit and compliance related work.
• Sound practical understanding of IT security controls and requirements, including security control frameworks (e.g. NIST, CIS).
• CISSP, CISM, GSEC, CEH, CREST, OSCP, CCSP, CISA or equivalent certifications highly preferable.
• Very good command of English; any other ICRC-official languages (i.e. French, Spanish, Arabic, Russian) an asset.
• Ability to work in a complex and evolving environment autonomously.
• Critical thinking, teamwork, interpersonal and communication skills.

What We Offer

• Progressive professional development in a leading humanitarian organization operating worldwide
• Stimulating career plan and benefits package
• Flexible working hours and travel opportunities