Senior Internal Auditor (IT Audit)

IMI is a privately-owned, global media group headquartered in Abu Dhabi, UAE, with operations across 19 countries. Our portfolio includes renowned media brands such as Sky News Arabia as part of a joint venture with Sky UK, The National, Al-Ain News, CNN Business Arabic, and a minority stake in Euronews.

Additionally, through Redbird IMI, our joint venture with Redbird Capital Partners, we invest in leading media, sports, and entertainment brands worldwide. We bring the world closer by sharing stories that open minds, connect people, and enrich lives, empowering audiences with news, knowledge, and factual entertainment.

Role Summary:

The Senior Internal Auditor (IT Audit) is responsible for identifying, assessing, and evaluating IT and technology-related risks across IMI and its subsidiaries, with a particular focus on IT systems, cybersecurity, digital platforms, and IT governance frameworks.

The role is responsible for preparing and executing risk-based internal audit plans, developing audit programs, preparing working papers, and drafting clear and comprehensive audit reports in line with the Internal Audit Manual and International Internal Audit Standards.

The Senior Internal Auditor (IT Audit) ensures audit assignments are delivered efficiently, professionally, and with strong technical understanding of IT environments, cybersecurity controls, and digital risk exposure. The role also supports ad hoc investigations and assignments as directed by the Group Internal Audit Director (GIAD).

Key Responsibilities:

Audit Planning

• Plan and arrange internal audit planning meetings and agree with the GIAD on the IT/Technology audit approach, scope, and objectives in line with the approved Internal Audit Plan.
• Participate in opening meetings with the Head of the Function under review, with a focus on IT systems, cybersecurity controls, and digital platforms.
• Draft and finalize minutes of audit planning meetings for approval.

Risk Assessment and Testing Strategy

• Conduct IT and cybersecurity risk assessments, including application, network, infrastructure, cloud, technology, and digital platform risks.
• Develop and maintain a technology-focused risk register covering cybersecurity, data protection, access management, system integrity, network, and IT governance.
• Define audit objectives, scope, and testing strategies aligned with IT control frameworks and best practices.
• Prepare detailed audit programs addressing IT general controls (ITGCs), application controls, cybersecurity controls, and third-party/vendor risks.
• Prepare a detailed scope letters to the Head of Function under review outlining audit coverage and expectations.
• Update audit plans, risk assessments, and testing strategies as required.

Audit Execution

• Execute IT-focused internal audit engagements to assess the design and effectiveness of IT general controls, application controls, cybersecurity frameworks, digital platform governance, and other technology-related risk management process, including access management, change management, IT operations, backup and recovery, threat management, incident response, network security, data protection controls, cloud environments, and third-party IT service providers.
• Execute technology focused internal audit engagements across Studio Operations, Technical Operations, Creative, and other media-related functions.
• Ensure adequate documentation and evidence is obtained to support audit conclusions and sign off working papers.
• Assess and validate identified issues, management responses, and recommend practical, risk-based remediation actions.

Audit Reporting

• Prepare clear, structured internal audit reports with a strong focus on IT and cybersecurity risks and present findings to the GIAD.
• Ensure all audit issues are properly documented in working papers with sufficient evidence and clarity.
• Apply appropriate risk ratings and prioritization of IT and cybersecurity findings.
• Review and incorporate management responses into final audit reports.
• Provide regular updates to the GIAD on the status of ongoing assignments.
• Attend closing meetings with the Head of Function to present IT audit findings and agreed recommendations.
• Issue final audit reports upon GIAD approval.

Follow Up Assignments

• Conduct follow-up audits to verify timely and effective implementation of agreed IT and technology remediation actions.
• Report progress on corrective actions and outstanding risks to the GIAD.

General

• Contribute to the development and enhancement of the annual Internal Audit Plan with a focus on IT, cybersecurity, and digital risk areas.
• Support and execute special investigations as directed by the GIAD.
• Ensure full compliance with the Internal Audit Charter, methodology, and International Internal Audit Standards.

Job Requirements:

• Strong analytical thinking, attention to detail, and problem-solving skills with a technology risk mindset.
• Strong understanding of IT governance, cybersecurity principles, and digital risk management frameworks.
• Knowledge of IT General Controls (ITGCs), application controls, and cybersecurity frameworks (e.g., NIST, ISO 27001).
• Excellent communication, report writing, and stakeholder management skills.
• Ability to manage multiple audits in a fast-paced, dynamic environment.
• Fluency in English (written and spoken). Arabic is a plus.
• Minimum 7 years of audit experience, preferably in Big 4 firms or within media/technology-driven organizations.
• At least 2 years in a senior audit role with exposure to IT audit, infrastructure, network, applications, ERP systems, digital platforms, cybersecurity audit, or digital transformation risk.
• Bachelor’s degree in IT, Computer Science, or Cybersecurity..
• Professional certification such as CIA, or CISA is highly preferred..