Senior Audit Manager

Nedbank Johannesburg, Gauteng, South Africa Requisition Details & Talent Acquisition Consultant REQ Thembi Mtshali Location Johannesburg Job Family Risk, Audit and Compliance Career Stream Auditing Leadership Pipeline Manage Managers Job Purpose To provide strategic leadership and guidance to teams by providing independent assurance of the control environment to the Nedbank Group Audit Committee and ensuring effective risk management practices are implemented across Nedbank. Purpose OF GIA The purpose of GIA is to provide independent, objective assurance to the Nedbank Group Limited Board of Directors via the Group Audit Committee (GAC) that the governance processes, management of risk and systems of internal control are adequate and effective to mitigate the risks (in line with GIA Methodology), both current and emerging, that threaten the achievement of the Group’s strategy and key objectives, and in so doing help improve the internal control and risk culture of the Group. GIA receives its authority from the GAC, which is a committee of the Board of Nedbank Group Limited established to, among other things, review the work of Internal Audit of Nedbank Group Limited and its subsidiaries (the "Group"). Job Responsibilities Duties The Senior Audit Manager – Cyber, in the discharge of his / her duties, shall be responsible, inter alia, to the Nedbank Group CIA / Portfolio Executive / s to: Support the periodic assessments of the outcomes of internal audit work to appropriate governing bodies, including the GAC, Board Risk Committee, Executive IT Committee (EITCO) and Group IT Committee (GITCO); Report on the overall effectiveness of the governance, risk and internal control framework of the Group; Comply with regulatory and corporate governance expectations of the internal audit functions; Report significant Cyber issues related to the processes for controlling the activities of the Group, including potential improvements to those processes; Report periodically on the progress of the Cyber audit plan delivery; Have in place a robust process to follow-up on management’s agreed actions to address Cyber issues raised by GIA; Responsible for the delivery and measurable performance of their respective Cyber portfolio, including audit plan delivery; Apply judgement to provide an overall audit opinion on the Cyber system of internal controls of the Group; Provide insights from the outcomes of internal Cyber audit work to appropriate governing bodies; Maintain an open and constructive relationship as a Trusted Advisor with senior internal and external stakeholders including Institute of Internal Audit, SARB, External Audit and Business Executives; Implement effective and efficient audit processes to ensure that audit processes are optimized and comply with the relevant governance expectations of internal audit functions; Develop and maintain relationships with business and key stakeholders to ensure robustness and completeness of audit coverage and contribute at an insight generator / trusted advisor to business to enhance assurance provided over the control environment; Contribute to the development of a 12-month rolling audit plan (including Cyber) using a risk-based methodology, taking into consideration specific business strategic focus areas, regulatory requirements pertaining to internal audit, as well as including any risks or control concerns identified by management, the GAC and the Board; Deliver and report on the rolling Cyber risk-based internal audit plan; Allocate audit resources in accordance with the Cyber risk profile for the responsible clusters and ensure the effective and efficient use of these resources in accordance with approved budgets; Have a robust process in place to follow-up and report on management’s progress in implementing agreed actions to address Cyber issues identified by GIA; and Maintain an open and constructive relationship with the CIA, GIA HoA: Digital & Technology, Business executives, and key stakeholders by providing value added services and sharing information. Essential Qualifications - NQF Level Advanced Diplomas/National 1st Degrees Preferred Qualification Minimum required qualification: Commercial or related degree; Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include: CISM (Certified Information Security Manager) CISSP (Certified Information Systems Security Professional) ISMP (Information Security Management Principles) CCSP (Certified Cloud Security Professional) Certified Ethical Hacker (CEH) – EC Council OSCP – Offensive Security Certified Professional ISO27001 Lead Auditor/Implementer Certificate SABSA Chartered Security Architect (TOGAF) The Open Group Architecture Framework Cisco Unity Systems Engineer ITIL – IT Infrastructure Library Foundation and/or or suitable hands-on or product specific (e.g., Microsoft Azure, Amazon AWS, etc.) experience is required. Minimum Experience Level 8 – 10 years financial services experience in a senior position; Cyber experience in a Banking institute and / or cyber consultancy; Ability to operate at a Senior level; and Leadership experience leading teams. Technical / Professional Knowledge Accounting standards Change management Financial Accounting Principles Governance, Risk and Controls Principles of project management Relevant regulatory knowledge Risk management process and frameworks Strategic planning Institute of Internal Auditors standards Code of Ethics Behavioural Competencies Building Partnerships Earning Trust Coaching Communication Driving for Results Please contact the Nedbank Recruiting Team at #J-18808-Ljbffr