IT Auditor

Closing Date
- 2024/11/07
- Reference Number
- SAS241025-1
- Job Title
- IT Auditor
- Job Type
- Permanent
- Division
- CEO's Office
- Department
- Internal Audit
- EE Occupational Levels
- Level 6: Specialists
- Location - Town / City
- Johannesburg
- Location - Province
- Gauteng
- Location - Country
- South Africa
- Job Advert Summary
- The IT Auditor performs IT audit reviews in line with the audit plan and IT internal audit methodologies and internal
audit work and provides advisory and consulting services as and when required.
- Minimum Requirements

**Qualifications**
- BSc Computer Science degree or an equivalent qualification i.e., BCom/ BTech Accounting or Internal Audit
- CISA qualification or passed CISA exam and working towards qualification
- ISACA membership (may also be IIA member as an addition)

**Experience**
- At least 3 years of IT audit experience in a non-life insurance company.**Responsibilities**:
**Sasria Departments or Agent Company Internal Audits**

Performs IT internal auditing work as assigned:

- Sasria Departments and/ or Agent Companies’ IT Internal Audit divisions
- Provide advisory services through:
1. Audit recommendations
2. Ad hoc projects
3. Participation in Risk Management sessions (RCSAs) and provide input on where IT risk management processes and controls can be improved.
- **Technical Auditing**
- Identify and evaluate the risk areas including IT audit risks in the organisation.
- Review the adequacy and effectiveness of controls using flow charts and other methods of evaluation.
- Develop audit programs or procedures by identifying risks and controls matrix (RACM) for the area to be audited.
- Conduct planning and preparation of allocated audit assignments by drafting audit start letters, opening meetings, preliminary surveys, agreeing audit scope and sign-off.
- Perform detailed reviews of IT processes and policies, Technology & infrastructure and the general control environment in accordance with the audit programmes.
- Perform detailed reviews of Cybersecurity, Vulnerability.
- Assessment and Penetration Testing where necessary.
- Be knowledgeable of Technology tools (Nessus, Nmap etc) to assist in testing for IT Security audits i.e., Cybersecurity.
- Perform ad hoc IT audits that include but not limited to UAM, Cloud Computing, Network Controls, IT Service Continuity, IT Outsourcing and Database Management.
- Perform detailed reviews of IT project management/ programme controls in line with the audit programmes.
- Perform reviews on System Development Life Cycle Reviews (pre
- and post-implementation).
- Perform both planned and ad-hoc cyber security reviews; utilise tools to perform vulnerability assessments and penetration testing.
- Perform data analytics assignments including continuous auditing and monitoring reviews.
- Perform follow-up reviews and ensure that management action plans and dates are not overdue.
- Completion of all working papers in accordance with the IT audit methodology.
- Conducts interviews, reviews document, develops and administers surveys, composes summary memos, and prepares working papers.
- All findings, conclusions and recommendations are properly and sufficiently supported in working papers.
- Communicates or assists in communicating the results of audit and consulting projects via written reports and oral presentations to

management.
- Develops and maintains productive client and staff relationships through individual contacts and group meetings.
- Pursues professional development opportunities, including external and internal training and professional association memberships, and shares information gained with co-workers.

**Policy and procedure development**
- Provides input on improvement of strategic audit and annual plan.
- Provides input on the improvement of the audit policy and procedure manual.

Represents internal audit on:

- Company project teams;
- Internal company staff committee meetings (on request, i.e. IT Steering Committee, Transformation committee and the Health and Safety

committee meetings); and
- External assurance providers or organisations.
- As and when required.

**Training and support**

Active involvement in development of own skills, through agreeing performance development plan with the IT AuditManager to improve or maintain the following skills:

- Negotiating and problem-solvingskills.
- Effective verbal and written communication, including active listening skills and skill in presenting findings and recommendations by audit staff.
- Establish and maintain harmonious working relationships with co-workers, staff and external contacts.
- Assist in supervising trainees or other assigned team members.

**Perform adhoc tasks**

Perform any reasonable ad hoc tasks as and when required by the IT Audit Manager or the Head of Internal Audit.