GIA IT Audit Specialist

The World Bank Group is seeking an IT Audit Specialist to contribute to assurance and advisory engagements covering IT, Data Management, and strategic initiatives. The role involves assessing risks, executing audit procedures, and developing risk-based insights in complex technology-enabled environments.

Responsibilities

• Leading sections of risk assessments of business units, processes, and technologies to inform audit planning
• Managing multiple audit and advisory engagements in parallel, including leading assigned workstreams with limited supervision
• Executing audit procedures across areas such as technology governance, cybersecurity, cloud and hybrid environments, data governance, enterprise platforms, and digital transformation initiatives
• Assessing risks and controls related to emerging technologies, including artificial intelligence (AI), automation, APIs, and modern application architectures
• Developing process documentation, control narratives, audit work programs, and testing approaches
• Performing control testing, conducting stakeholder interviews, and documenting audit results
• Drafting clear findings and developing practical, risk-based insights for management consideration
• Contributing to integrated audits that span business processes, systems, data, and technology domains
• Using data analytics, automation, and technology-enabled audit techniques to enhance risk assessment, testing, and insight generation.

Requirements

• At least 5 years of experience in IT audit, technology risk, cybersecurity, digital assurance, or related advisory roles, preferably in complex environments such as financial institutions, consulting firms, or international organizations
• Master’s degree or equivalent experience with Bachelor’s degree
• CISA certification required; other relevant certifications (e.g., CISSP, CRISC, CISM, CIA, or cloud/security certifications) are strongly preferred
• Experience supporting audits, advisory engagements, or projects involving technology-enabled processes, system implementations, or digital transformation initiatives
• Practical exposure to key risk domains such as cybersecurity, cloud computing, data protection, and identity and access management
• Awareness of emerging technology risks, including AI governance, automation, cloud adoption, cyber resilience, and third-party risk
• Good understanding of enterprise technology environments, including infrastructure, applications, data, and secure development practices
• Experience using data analytics or other technology-enabled audit techniques to support assurance activities
• Ability to identify and assess risks related to evolving threat landscapes, including areas such as ransomware, data privacy, and operational resilience
• Strong analytical, communication, and stakeholder engagement skills, with the ability to synthesize information and communicate clearly
• Ability to work effectively in multidisciplinary and multicultural teams, with a collaborative, adaptable, and learning-oriented mindset
• Effective oral and written communications skills
• Demonstrates a continuous improvement mindset, openness to feedback, and willingness to develop expertise in evolving business, technology, and risk environments while working collaboratively across functions.

Skills

• IT Audit
• Technology Risk Management
• Cybersecurity
• Digital Assurance
• CISA Certification
• Cloud Computing
• Data Protection
• Identity and Access Management
• AI Governance
• Automation Risk
• Cyber Resilience
• Third-Party Risk Management
• Enterprise Technology Environments
• Secure Development Practices
• Data Analytics
• Technology-Enabled Audit Techniques
• Risk Identification and Assessment
• Audit Procedures
• Stakeholder Engagement
• Written Communication

Languages

English