IT Security Lead Internal Auditor

at International Committee of the Red Cross
Published August 14, 2022
Location Makati City, Philippines
Category Computer & IT  
Job Type Full Time  


Job Purpose


To support Internal Audit in the discharge of its duties by evaluating the relevance, effectiveness and efficiency of ICRC’s governance, risk-management and control processes at headquarters and in the field.


His/her specific focus within Internal Audit will be on information technology security, while also contributing to other assignments.


Main Responsibilities


As a member of the team, you will perform the following tasks on the basis of the International Professional Practice Framework (IPPF) of the Institute of Internal Auditors (IIA):


Perform audit engagement as per the approved annual audit plan.


the ICRC’s governance, risk management, internal control systems, strategies and operations;

the ICRC’s compliance with laws, regulations, strategies, policies and procedures in place;

whether the ICRC’s resources are used in an effective and efficient manner and are protected adequately;

key information security risks including confidentiality, integrity and effectiveness of use of technology components through review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defence in depth strategies.

Write audit reports and communicate results and recommendations.

Contribute to the methodology and strategy of Internal Audit and support the team in studying and identifying trends in key areas of concern.

Maintain high quality work standards and remain up to date with the evolution of standards and practices.

May coordinate a small team in the conduct of audit engagements in complex environments.

Provide expertise and input as per your area(s) of specialization into audit assignments or investigations, as needed / requested by the Internal Audit management.

Improve data-related internal audit processes and effectiveness through proactive automation and analysis, where appropriate

Selection Requirements and Profile


Advanced university degree in a relevant field.

Experience of 12-15 years in conducting vulnerability assessments, penetration testing, security risk assessments and similar IT security audit and compliance related work.

Sound practical understanding of IT security controls and requirements, including security control frameworks (e.g. NIST, CIS).

CISSP, CISM, GSEC, CEH, CREST, OSCP, CCSP, CISA or equivalent certifications highly preferable.

Very good command of English; any other ICRC-official languages (i.e. French, Spanish, Arabic, Russian) an asset.

Ability to work in a complex and evolving environment autonomously.

Critical thinking, teamwork, interpersonal and communication skills.

What We Offer


Progressive professional development in a leading humanitarian organization operating worldwide

Stimulating career plan and benefits package

Flexible working hours and travel opportunities

How to apply


To be considered for this position, you will need to submit the following requirements in one PDF file by email.

  • comprehensive and updated CV in English


  • motivation letter


Please use this format for the subject line: SURNAME First Name - IT Security Lead Internal Auditor


The position is only open to legal residents of the Republic of the Philippines.

Drop files here browse files ...