Auditor (Information Systems)
Job Purpose:
Responsible for planning;
conducting audits on Information and Systems in line with the audit plan or as
requested by the board or audit committee.
Key responsibilities:
- Conduct
continuous risk assessment of the information and technology environment
in the group.
- Execute
the IS audit plan and when required, oversee the activities of the IS
Audit team, using a risk based approach / methodology.
- Be
involved in the development of the Group’s annual Information and Systems
audit plan.
- Continuous
review of internal processes and controls to determine their effectiveness
of the Group’s risk management plans.
- Should
be capable of facilitating an integrated approach to IT and business
auditing.
- Assist
IS Audit manager to coordinate with external auditors on IT related matters.
- Provide
knowledgeable advice on engagements relating to information systems,
controls and processes.
- To
be involved in pre and post implementation reviews for new and internally
developed systems, and in the review and follow up of computer security matters.
- Develop
new, enhance and / or improve and maintain a sound audit manual, work
papers audit procedures and standards.
- Attend
to other relevant duties and responsibilities as may be assigned by the IS
Audit Manager.
- Determine
internal audit scope for particular assignments.
- Maintain
open communication with management and audit department management.
- Identify
and communicated to management “continuous improvement initiatives, and
evaluate the adequacy of internal control systems.
- Gather
adequate audit evidence to support findings and suggestions for
improvement.
- Assisting
the Manager in the review and documentation of existing internal control
systems for adequacy and effectiveness, and making recommendations for
improvement.
- Deliver
on performance requirements as defined in the departments’ strategy map,
balanced scorecard and Personal Scorecard.
Key Performance Measures:
- As
would be described in your Personal Score Card.
Knowledge, experience
and qualifications required:
- Bachelor’s
degree in relevant field (IT, Computer science or business).
- Certified
Information Systems Analyst (CISA), CRISC or CISM.
- 4-6
years working experience in an Audit related field.
- Good
understanding of the SDLC and agile.
- Knowledge
and experience of operating systems, databases, IT networks (LAN &
WAN) and financial applications.
- Working
knowledge of IT / IS and governance standards (COBIT, ITIL, NIST, OWASP,
ISO 27001).
- Good
understanding of IT risks.
Technical/ Functional
competencies:
- Knowledge
and experience in data analysis / analytics.
- Decision
making – ability to make strategic decisions in a timely and effective
manner.
- High
moral and ethical standing.
- Highly
motivated.