IT Auditor

Minimum Requirements
Qualifications:

- BSc Computer Science degree or an equivalent qualification i.e., BCom/ BTech Accounting or Internal Audit.
- CISA qualification or passed CISA exam and working towards qualification.
- ISACA membership (may also be IIA member as an addition).

Experience:
At least 3 years of IT audit experience in a non-life insurance company.
Duties and Responsibilities:
Provide advisory services through:

- Audit recommendations.
- Ad hoc projects.
- Participation in Risk Management sessions (RCSAs) and provide input on where IT risk management processes and controls can be improved.

Technical Auditing:

- Identify and evaluate the risk areas including IT audit risks in the organisation.
- Review the adequacy and effectiveness of controls using flow charts and other methods of evaluation.
- Develop audit programs or procedures by identifying risks and controls matrix (RACM) for the area to be audited.
- Conduct planning and preparation of allocated audit assignments by drafting audit start letters, opening meetings, preliminary surveys, agreeing audit scope and sign-off.
- Perform detailed reviews of IT processes and policies, Technology & infrastructure and the general control environment in accordance with the audit programmes.
- Perform detailed reviews of Cybersecurity, Vulnerability.
- Assessment and Penetration Testing where necessary.
- Be knowledgeable of Technology tools (Nessus, Nmap etc) to assist in testing for IT Security audits i.e., Cybersecurity.
- Perform ad hoc IT audits that include but not limited to UAM, Cloud Computing, Network Controls, IT Service Continuity, IT Outsourcing and Database Management.
- Perform detailed reviews of application systems and access controls, this will include ERP systems and electronic signatures in accordance with the audit programmes.
- Perform detailed reviews of IT project management/ programme controls in line with the audit programmes.
- Perform reviews on System Development Life Cycle Reviews (pre- and post-implementation).
- Perform both planned and ad-hoc cyber security reviews; utilise tools to perform vulnerability assessments and penetration testing.
- Perform data analytics assignments including continuous auditing and monitoring reviews.
- Perform follow-up reviews and ensure that management action plans and dates are not overdue.
- Completion of all working papers in accordance with the IT audit methodology.
- Conducts interviews, reviews document, develops and administers surveys, composes summary memos, and prepares working papers.
- All findings, conclusions and recommendations are properly and sufficiently supported in working papers.
- Communicates or assists in communicating the results of audit and consulting projects via written reports and oral presentations to management.
- Develops and maintains productive client and staff relationships through individual contacts and group meetings.
- Pursues professional development opportunities, including external and internal training and professional association memberships, and shares information gained with co-workers.

Policy and procedure development:

- Provides input on improvement of strategic audit and annual plan.
- Provides input on the improvement of the audit policy and procedure manual.

Represents internal audit on:

- Company project teams.
- Internal company staff committee meetings (on request, i.e. IT Steering Committee, Transformation committee and the Health and Safety committee meetings); and External assurance providers or organisations.
- As and when required.

Training and support:

- Active involvement in development of own skills, through agreeing performance development plan with the IT Audit Manager to improve or maintain the following skills:
- Negotiating and problem-solving skills.
- Effective verbal and written communication, including active listening skills and skills in presenting findings and recommendations by audit staff.
- Establish and maintain harmonious working relationships with co-workers, staff and external contacts.
- Assist in supervising trainees or other assigned team members.

Perform adhoc tasks:

- Perform any reasonable ad hoc tasks as and when required by the IT Audit Manager or the Head of Internal Audit.