IT Internal Auditor

Job description:

Department: Internal Audit & Risk Governance
Reports To: Chief Executive Officer (CEO) / Board Audit Committee
Location: VConn Pvt. Ltd, Karachi.
Job Type: Full-Time | Onsite
Experience Required: 5–8 years in tech-driven internal audit roles
Certifications: ISO 27001:2022 Lead Auditor – Mandatory | CISA, CISM – Preferred

Role Purpose:

To establish a robust internal control environment across all technical, operational, and compliance functions of the organization by independently auditing systems, practices, and controls related to software development, DevOps, cloud platforms, datacenter infrastructure, IT operations, security frameworks, project governance, and SLA compliance. This role is critical to ensure that VConn Pvt. Ltd. aligns with ISO 27001:2022, industry’s best practices, and its own internal governance standards.

Key Responsibilities:

1. Technology & Development Audits

• Audit full SDLC processes across .NET, Java, and Microservices-based applications.
• Assess control mechanisms within DevOps pipelines, versioning systems (Git), CI/CD processes, and containerized deployments (Docker, Kubernetes).
• Validate code promotion, change requests, rollback mechanisms, and test case coverage.

2. Cloud & Data Center Security Compliance

• Conduct in-depth audits of cloud infrastructure (AWS, Azure, GCP) focusing on IAM, encryption, storage policies, firewall rules, and backup policies.
• Evaluate data center operations including uptime reporting, physical security, patching, BCP/DR implementation, and vendor SLA adherence.
• Ensure adherence to cloud security frameworks (CSA, CIS, NIST).

3. ISO 27001:2022 & Information Security

• Perform internal audits against ISO 27001:2022 control domains including risk assessment, access control, incident response, and compliance monitoring.
• Identify gaps in ISMS processes and guide remediation and continual improvement plans.
• Ensure evidence collection, policy enforcement, and audit trail maintenance.

4. Project Management & QA Process Review

• Evaluate PMO governance, project documentation, sprint delivery, cost estimation controls, and project tracking using tools like Jira or Trello.
• Review SQA practices, including manual/automated testing strategies, bug lifecycle, regression management, and release audit trails.

5. Service Delivery & SLA Monitoring

• Review contractual SLAs and monitor internal/external delivery performance.
• Audit support tickets, downtime logs, client escalations, and RCA quality.
• Recommend controls to prevent SLA breaches and maintain service quality benchmarks.

6. IT & Infrastructure Risk Management

• Assess internal controls in areas such as endpoint security, network configuration, firewall logs, VPN access, patch management, and incident response.
• Review IT asset registers, procurement, lifecycle management, and end-of-support risks.

7. Reporting & Corrective Action Oversight

• Compile risk-ranked audit reports with high-impact findings and recommendations.
• Present audit results to the CEO and Board Audit Committee with measurable action plans.
• Track closure status of audit findings and assess post-remediation effectiveness.

Required Qualifications

Education:

• Bachelor’s/master’s in information security, Computer Science, Software Engineering, or equivalent.

Certifications:

• Mandatory: ISO 27001:2022 Lead Auditor
• Preferred: CISA, CISM, CEH, or relevant security/governance certifications

Experience:

• 5–8 years of experience in IT/Software industry with a focus on internal audit or security compliance
• Must have practical experience auditing:
• .NET, Java, Microservices-based architecture
• DevOps & CI/CD tools (Git, Jenkins, Azure DevOps, Docker, Kubernetes)
• Cloud infrastructure security (AWS, Azure, GCP)
• SQA processes and automation tools
• PM frameworks and tools (Agile/Scrum, Jira, Trello)
• Data Center & IT Infrastructure operations
• SLA performance and IT support functions

Key Skills & Competencies

• Strong knowledge of ISO 27001:2022 domains and technology compliance frameworks
• High technical audit proficiency across development, operations, and security layers
• Ability to independently lead technical audits and present findings to executive leadership
• Advanced analytical thinking, risk assessment, and documentation skills
• Strong ethics, confidentiality, and business process awareness
• Excellent communication, reporting, and stakeholder influencing skills

Tools & Platforms Exposure (Preferred):

• DevOps: Jenkins, GitLab CI/CD, Azure DevOps
• Cloud: AWS, Azure, GCP (IAM, VPC, S3, EC2, RDS, Security Groups)
• Development: Visual Studio, IntelliJ, Eclipse, Postman
• QA: Selenium, JUnit, TestNG, Zephyr, TestRail
• Project Tools: Jira, Confluence, ClickUp
• Monitoring: Zabbix, Prometheus, Grafana
• Infrastructure: Fortinet, Cisco, VMware, Hyper-V

Reporting & Governance Structure:

• Direct Reporting: Chief Executive Officer (CEO)
• Dotted-Line Reporting: Board Audit Committee / Risk & Governance Lead
• Audit Types: Scheduled, Unscheduled, Compliance-Driven, Operational, IT Security

Career Progression:

• Audit & Risk Manager
• Head of Governance & Compliance
• Chief Information Security Officer (CISO)

Job Type: Full-time

Work Location: In person