SUMMARY:
Internal IT Auditor - JHB - BEE requirement - CISA / CISM
POSITION INFO:
The purpose of the job is to focus on the delivery of IT Audit and IT Assurance related engagements. The entire function aims to be a leading internal audit team with the use of best-in-class audit methodology, data analytics and advanced artificial intelligence. This is an office-based role.
Responsibilities/ Work attributes
• Providing IT, data analytics and cyber security expertise to the Internal Audit Team.
• Lead and deliver ITGC(ISA315), application and cyber security reviews across different clusters and companies within the Division.
• Collaborate with the other members of the IA team to provide guidance and IT expertise to support delivery of non- IT audits.
• Collaborate with the other members of the IA team and enable their analytics needed – source the data, assist with building the analytic and support the interpretation thereof.
• Promote ALICE across the division, working with the relevant team members in interpreting the results and offering guidance on resolving their findings.
• Plan, scope and execute IT audits across the division for areas not covered by ALICE (projects/ BCP/ DRP’s/ ITGC/ cyber reviews/ application controls etc.)
• Where needed, represent IA on various IT steering Committees for new system implementation.
• Perform annual IT Audit planning in collaboration with the various Divisional CIO’s and IT Teams.
• Effective time management of concurrent projects and divisional initiatives, including providing support to junior staff.
• Innovation and investment of skills in developing a cost-effective approach to data analytics.
Competencies or key attributes
The incumbent must:
• Be positive, self-motivated and independent person, who can work without constant supervision, both on his/ her own, and needs to know when to contact others for assistance;
• enjoy what he/she is doing, and should preferably be comfortable with being in Internal Audit in the medium term;
• be able to handle stress, pay attention to detail and pride himself/ herself on quality work, be able to work under pressure and run several tasks or projects at the same time as well as ability to plan and prioritise.
• be able to work effectively to meet deadlines;
• have proven internal audit skills;
• can identify and assess business risks;
• be impartial, unbiased and objective;
• be assertive, decisive, diplomatic and tactful, and be able to take a stand to defend personal views and opinions;
• have excellent verbal and written communication skills;
• can interact at all levels (meetings are held with senior executives of various operational clusters, audit committee members and CEO and CFO of the Division);
• have good business acumen;
• be presentable, professional and confident;
• be focused and disciplined;
• be target/ results driven with a sense of urgency to get things done;
• pay attention to detail/ be methodical/ analytical;
• can work unsupervised;
• be willing to, and be able to travel (and spend approximately 35% of time out of town);
• be flexible and able to adapt to varying environments and cultures that exist in each operational cluster or business unit.
• be innovative and constantly seek improved ways to audit efficiently in a manner that will suit the organisational environment and culture.
Knowledge and Skills
Specialized Technical Capabilities:
• Ability to form a core technology and data risk skillset through proactively conducting research, and participating in internal and external initiatives.
• Understands and apply major program management approaches and practices (e.g., COSO, ITIL, COBIT, NIST, CIS, COBIT for SOX)
• Develop a strong knowledge of technology and data management frameworks (e.g., Technology Risk, Data Risk, Cyber Risk Maturity Model) by conducting independent research, and attending workshops, seminars, and training programs.
• Become familiar with technology and data risk, as well as industry-specific regulations; keeps up to date with emerging trends.
• Business report writing demonstrates ability to ‘translate’ technical concepts to non-IT audience.
Executes Assurance Engagements:
• Ability to enhance quality of assurance engagements by identifying risks, performing testing, researching governing regulations, and developing reports.
• Uses industry leading frameworks and tools to analyze client’s documentation and identify risks that require control assurance.
• Tests validify client’s historical financial and non-financial information, leveraging relevant standards (e.g. ISAE 3000), as appropriate.
• Develops timeous assurance reports to accurately present risks, related controls, and the effectiveness of those controls.
• Ensure findings and recommendations are aligned with the audit objectives by keeping in mind the engagement business context when performing technical work during the assessment process to ensure all risk facets are considered.
Technical competencies:
• Solid grasp of technical skills and methodology.
• Demonstrated knowledge and technical skills on “core operating systems” e.g., Windows, UNIX, etc. as well as awareness and ability to identify risks related to in-house developed systems.
• Demonstrated knowledge and experience in performance of business process and automated controls testing on the more common applications.
• ERP security and technical knowledge (SAP, Dynamics 365 etc.) including financial accounting (FI) modules.
• A good understanding of how to link risks and controls to ensure test steps and controls and risks all speak to each other; ability to research “unknown” systems or audit in-house developed systems, i.e. problem-solving/logic capabilities.
• Developing Digital fluency and knowledge on Emerging technologies, including Cloud, RPA, AI, etc.
Behavioral Competencies:
• Demonstrates ability to work efficiently and meet all deadlines consistently.
• Displays initiative and confidence.
• Takes accountability for delivery of own work, running projects end to end individually and with minimal instruction.
• Active participation and proactive attitude to service delivery.
• Deadlines and quality driven, self-starter.
• Works well within a team and with client management, as well as individually when required.
• Strong analytical skillset.
• Good communicator and collaborator, strong business/ report writing skills.
Experience
Minimum Experience:
• 5 years’ working experience in a client-facing role.
Desired Experience:
• Experience in a client facing role.
• Demonstrate an understanding of large-scale information technology application systems, infrastructure, business processes and security standards.
• Demonstrate an understanding of the IT audit methodology and its application in major client industries.
• Power BI experience/ other data analytic tools.
• Ability to work with and document workflows (Visio etc.)
• Programming would be a bonus.
Education or qualifications
Minimum Qualifications
• Degree/ Diploma and
• Relevant industry specific certification (CISA, CISM etc.)
Salary - R80kpm plus fuel card and bonus
Send cv to
