Role Purpose

The IT Security Assistant supports the IT Security function by ensuring ongoing audit readiness, regulatory compliance, and effective remediation of IT-related audit findings. The role focuses on coordinating, tracking, and reporting audit activities while assisting in maintaining and strengthening the organisation’s information security posture. This position contributes to enforcing internal controls, supporting policy development, and aligning IT practices with regulatory and industry best-practice standards.

Key Responsibilities

Audit Coordination & Support

• Act as the primary point of contact for internal and external IT audit engagements.
• Coordinate audit planning, walkthroughs, evidence collection, and status meetings.
• Maintain and manage a comprehensive register of IT-related audit findings through to closure.
• Proactively engage IT management to ensure timely resolution of audit issues.

Tracking & Reporting

• Maintain dashboards and trackers for audit findings, exceptions, and risk treatment plans.
• Follow up with stakeholders on evidence submission and remediation progress.
• Prepare regular status reports, executive summaries, and audit readiness metrics for IT leadership.

Documentation & Compliance

• Draft, update, and review IT policies, procedures, standards, and guidelines in line with audit and regulatory requirements.
• Support regulatory submissions and compliance questionnaires (e.g. POPIA, ISO, COBIT, NCA, SWIFT CSP).
• Maintain audit logs and IT documentation repositories in an audit-ready state.

Issue Remediation & Risk Management

• Liaise with IT teams to validate remediation actions and close audit findings within agreed timelines.
• Draft remediation plans, risk acceptance motivations, and deferred action justifications.
• Facilitate root cause analysis for recurring or high-risk findings.

Risk & Control Improvement

• Collaborate with Audit, Risk, and Governance teams to strengthen IT controls.
• Recommend improvements to control design and standard operating procedures.
• Support IT risk assessments, including regulatory, group, and third-party assessments, and track mitigation actions.
• Stay informed on relevant legislation, regulations, and governance requirements impacting IT security.

Policy & Framework Alignment

• Support alignment of IT controls with frameworks such as COBIT, ITIL, NIST, TOGAF, and ISO/IEC 27001.
• Promote awareness and compliance with IT security policies and control requirements across IT teams.

IT Security Support

• Assist with monitoring and responding to security alerts, incidents, and vulnerabilities.
• Perform routine checks on system logs, access controls, and security tools.
• Maintain and update security documentation and procedures.
• Support user security awareness initiatives and promote best practices.
• Provide first-line support for security-related queries.
• Assist with administration of security tools including firewalls, antivirus, endpoint protection, and vulnerability management.
• Maintain an inventory of IT security assets and licenses.
• Provide general support to the IT Security Manager and broader IT team as required.

Requirements

Qualifications

• National Diploma or Degree in Information Technology, Computer Science, or a related field.
• Preferred certifications: CISA, CRISC, CGEIT, or ISO 27001 Lead Implementer/Auditor.

Experience

• 2–3 years’ experience in IT audit, IT risk, IT compliance, or GRC-related roles.
• Experience within banking or financial services environments is advantageous.
• Familiarity with regulatory environments such as SARB, FSCA, or international equivalents.

Technical Competencies

• Solid understanding of IT General Controls (ITGC), audit methodologies, and risk frameworks.
• Proficiency in Microsoft Excel, PowerPoint, and reporting tools (e.g. Power BI).
• Exposure to ITSM tools and GRC platforms (e.g. service desk systems or audit management tools) is beneficial.