IT Audit & Compliance Manager

 The IT audit and compliance Manager will be responsible for demonstrating our commitment to security, compliancy and privacy within the company and to external parties by driving our continued compliance efforts with external and internal requirements. This includes maintaining the security controls required by SOX, CDP, PCI, ISO 00X and other regulatory compliance frameworks.
RESPONSIBILITIES :
• Lead teams and efforts to ensure effective execution of periodic risk assessments and drive integration of remediation efforts with the risk management process.
• Work with Management, VP group and auditors to ensure IT security policies and compliance are being implemented, reviewed, maintained and governed effectively.
• Evaluating the design and effectiveness of security controls SOX, CDP, PCI, ISO 00X, including company private cloud according to Cloud Security Alliance.
• Identify gaps in the design and operating effectiveness of controls, and identify opportunities for more efficient and effective controls.
• Lead and perform activities to help measure and monitor compliance with contractual security requirements, company policies and procedures to ensure the account is compliant and audit ready.
• Lead different compliance & audit testing programs and support successful completion of various external compliance certification programs and internal compliance assessments.
• Enhance and modify IT control environments in accordance with the Vimpelcom Control Framework.
• Updating the OTA control objectives (General and application controls) based on SOX, GSRF, COBIT and ISO 00X.
• Undertaking IT security advisory engagements.
• Audit Planning of existing systems ( internal & Managed service) and provide comprehensive risk assessments
• Appoint and guide a team of IT security auditors and deal with internal and external auditors.
• Identifying and communicating IT audit findings to Management and VP Group.
• Conduct risk assessments of OTA Systems, Network, and business/IT process and procedures to identify areas of significant risk and identify root causes
• Prepare the Security controls (General and Application controls)