General Employment - Other General Employment
- Provide Organisational and IT management with guidance on IT risk management matters, particularly on application and infrastructure security.
- Responsible for developing and maintaining the IT Risk Assessment in the Audit and Risk division under the oversight of the Chief Audit Executive, including identifying areas where business units should consider additional projects and areas on which internal audit should focus.
- Conduct audits or lead audit teams in the performance of IT audits and reviews of systems, applications, and IT processes. Prepare and report results to the Chief Audit Executives and Audit Committees. These include:
  - Perform pre- and post-implementation reviews of system implementations or enhancements.
  - IT security audits (e.g., network, operating system, and data centre), including evaluating if security vulnerabilities are properly identified and mitigated. Coordinate the scope and performance of these reviews with business units.
  - Evaluate information general computing controls and provide value-added feedback. Test compliance with those controls.
  - Perform various other reviews of IT management policies and procedures such as change management, business continuity planning/disaster recovery, and information security to ensure that controls surrounding these processes are adequate.
- Develop, build and implement tools to analyse data to improve audit efficiency and effectiveness (including for risk assessments). Ultimately be a source for analytics that business units adopt to provide business insights or for continuous auditing.
- Conduct audits or lead audit teams in operational/financial audits.
- B Com in Financial Information Systems, B. degree in information technology, informatics or equivalent
- Certificate for Certified Internal Auditor (CIA) and Certified Information Systems Auditor (CISA)
- Knowledge of COSO, COBIT, ISO 27001, and NIST frameworks
- ISACA membership
- CEH or CISSP will be an added advantage
- At least 5 years’ experience in Information Systems/IT Audits
- At least 3 years in Network/ Cybersecurity audits
- Project assurance audits (SDLC) will be an added advantage