Information Systems Auditor at PayFast

About the team

• PayFast, by Network International, is looking for a highly skilled IT auditor to join our internal audit department, headquartered in the United Arab Emirates. As a member of our global team, you will be based in South Africa, and will be responsible for conducting IT audits, assessing the effectiveness of internal controls and providing assurance to our stakeholders. You will work with the Internal Audit Manager, PayFast, and will report functionally to the Head of Audit Africa and the Chief Internal Auditor in UAE.
• As a member of a fast-paced and dynamic team in East, West and South Africa, you will play a key role in our efforts to continuously improve our organization's risk management and governance processes.
• We are an equal opportunity employer and welcome applicants from all backgrounds and experiences to apply.

About you

• You’d love working with us If you thrive working in a fast-paced environment helping meet the demands of our rapid growth. 

You’ll fit in perfectly with our culture if you:

• Get energised by a fast-paced environment
• Cherish a good work-life balance
• Are adaptable
• Regard collaboration as an essential part of getting the job done
• Pride yourself as being a self-starter who doesn’t lack motivation
• Don’t need to be micromanaged
• Take feedback well and use it for self-improvement
• Welcome change and new ideas
• Value the importance of diversity

What you'll be doing

• Assists Internal Audit management by contributing and ensuring that an auditing strategy and plan is in place which identifies, and analyses risks to the business in S. Africa and in the Group.
• Plan, execute and document security related audits within the IT and Financial Systems environments and recommend improvement opportunities to remediate identified vulnerabilities.
• Discuss audit findings with key stakeholders and prepare audit reports that include thematic issues and trends identified through the execution of IT/Cybersecurity audits.
• Track remediation of issues arising from audits and work with stakeholders to avoid overdue audit actions
• Serve as an on-going subject matter expert in information security controls and technologies
• Deliver continuous information security assessments and penetration testing.
• Review security control frameworks and best practice guidelines to ensure consistent application of security controls
• Keep abreast with the latest technology security trends and provide input to mitigate emerging threats
• Extract data from complex computer systems to facilitate audit compliance and substantive testing procedure using CAATS (IDEA/ACL).
• Responsible for coordinating with management (auditee) to ensure audit delays are minimized and audit fieldwork and reporting timelines are met.
• Communicate progress of the Internal Audit to management (auditee) throughout the audit.
• Prepare the draft audit report for submission and distribution to the various stakeholders and the adequacy and effectiveness of stakeholder action plans are assessed and implementation is monitored and reported in writing.

What you'll need

• 6+ years working experience in information systems audit and cyber security assurance (Financial industry experience preferred)
• Degree in Computer Science, IT, Business Information Systems (or related technical / business field) from a recognized university
• CISSP (Certified Information Systems Security Professional) or CEH (Certified Ethical Hacker) would be an added advantage
• Certified Information Systems Auditor (CISA) or equivalent would be an advantage
• Experience working with information security frameworks such as ISO27001, NIST 800-171, Cyber Essentials / DCPP. 
• Experience in performing DRP, Application controls, business applications, Governance
• Experience in performing physical security reviews, access control reviews and social engineering tests
• Experience in audit of cloud security, governance and operations (AWS strongly preferred, Azure will be an added advantage)
• Demonstratable Experienced in Data Analytics using CAAT tools (SQL, IDEA, ACL, Python, R+, PowerBI etc)
• Strong working knowledge of security principles, techniques, and technologies with a good understanding of network protocols, design and operations.
• Experienced in audit and security of network components such as perimeter firewalls, WAF, privilege access management, appliances, certificate servers
• Knowledge of common IT and networking technologies (operating systems, relational databases, network/mobile technologies) including Oracle or MS SQL databases, Unix / Linux / Windows etc.
• Strong relationship, communication and stakeholder management skills
• Ability to evaluate risks, articulate issues, develop consensus, raise awareness and recommend practical solutions
• Ability to initiate and build effective stakeholder relationships
• The ability to work under pressure and be resilient and tenacious to get results
• Ability to identify risk within complex processes and systems.
• Comfortable with interacting with senior management and executives.
• Ability to clearly articulate ideas and findings to a variety of stakeholders.