Job Description: The IT and cybersecurity (IT) Auditor determine the objectives and potential impact of the audit plan arising from changes in the technological landscape and regulations. He/she develops an audit plan that complies with relevant auditing standards. He/she manages the implementation of audit plans and activities, as well as the investigation of non-compliance and identified risks to determine required changes to structure, policies, processes, and behaviors. He/she reviews audit findings and assesses the overall state of IT governance, compliance, and risks, including evidence for accuracy and comprehensiveness to support audit conclusions. He/she reviews audit reports for comprehensiveness and adherence to relevant reporting standards and develops recommendations to enhance IT compliance and strengthen controls against emerging risks. He also guides team members on the planning and implementation of audits. He works in a dynamic environment due to rapid changes in the IT landscape.
Responsibilities:
- Develop an IT & Cybersecurity (IT) audit plan that complies with relevant internal auditing standards.
- Pre and post-implementation reviews of system implementations or enhancements
- IT security audits (e.g., network, operating system, and data centers), evaluation of security vulnerabilities
- General computing controls and compliance reviews
- Reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate
- Develop objectives of the IT audit plan arising from changes in the technology landscape and regulations
- Review workflows and activities in the IT audit plan to propose enhancements
- Determine approaches, methodologies, and tools required to measure compliance and risk of IT assets and technologies
- Evaluate existing audit plans for relevance and changes
- Manage the implementation of IT audit plans
- Ensure adherence to IT audit standards and procedures during the conduct of audit activities
- Review audit findings to assess the overall state of IT governance, compliance, and risks
- Review evidence for accuracy and comprehensiveness to support IT audit conclusions
- Prepare and report results to executives, the Audit Committee, and other stakeholder groups as required
- Determine key messages for communication and presentation materials to share IT audit findings and recommendations
- Manage the investigation of non-compliance to IT standards and identified IT risk to determine required changes to structure, policies, processes, and behaviors
- Manage follow-up reviews to ensure adequacy and timeliness of corrective actions
- Advise managers and employees on IT audit processes and controls
- Develop recommendations to enhance IT compliance, address risks and strengthen controls against emerging risks
Preferred Qualifications:
- A tertiary-level qualification from an internationally recognized institution in preferred Bachelor's Degrees in Finance, Accounting, or Computer Science
- Preferred professional certificates: CIA, CISA, CISM, CRISC
Years & Nature of Experience:
- Would have 8 to 10 years of equivalent experience in IT Governance/IT Audit in internal audit or an external auditing firm is a plus.
- As an individual contributor, would be the subject matter expert for a capability area or key process in their organization and would typically be the person to lead design work in their area
- Has led technical or process in their area; excels at leading teams and worked effectively with other areas and stakeholders outside their function
- If a manager of others has impacted team culture through their work
- Has demonstrated ability to link technical contribution back to business impact for their team or area
Technical Competencies:
- Business Acumen
- Technology Domain Know-How
- Data Interpretation and Analysis
- Process Excellence, Quality, and Controls
Behavioural Competencies:
- Digital Fluency
- Complex Problem Solving
- Lateral Thinking
- Collaboration