Senior IT Auditor: IT & Application Controls at Santam Insurance

What will make you successful in this role?

• To conduct risk-based technology focused (IT) audit assignments ultimately to contribute to delivering on the internal audit plan approved by Santam’s Group Audit Committee. This could include general computer control reviews, application control reviews and reviews of IT controls within the various business processes such as application and data interfaces as well as pre and post-implementation reviews with a focus on application controls.

Assignment work entails assignment planning, execution, reporting and audit follow up work (where applicable) including the following activities:

• Performing risk and control assessments;
• Developing, executing and in some cases, reviewing audit procedures;
• Preparing audit findings and unpacking root causes with management;
• Compiling an audit report and workshopping practical action plans with various levels of management which will support the achievement of the Santam Group’s and our business partners strategic and financial objectives;
• Ensuring that audit work is documented on GIA’s audit software tool and adheres to the required quality standards; and
• Ensuring that audit work is completed within time and cost budgets.
• Assist in reporting to various audit, risk & related committees.
• Provide input into annual audit planning.
• Follow up on audit issues raised and provide input into the reports to the audit committee and other relevant governance structures.
• Maintain quality standards in terms of the audit methodology, approach and documentation.
• Supporting and mentoring junior / trainee auditors.
• Client relationship management with internal Santam stakeholders as well as external stakeholders, with a focus on Information Security functions.
• Championing Internal Audit’s role in the organisation by serving as GIA’s representative at relevant, key Santam forums.
• National travelling to Santam offices and partners may be required.

Qualification and Experience

• A relevant qualification (Diploma, Bachelors or Honours degree) in science, commerce, engineering, technology, information systems, informatics or similar. 
• More than 4 years’ experience in an audit/ consulting/ risk management/ governance or similar operations function and demonstrable exposure as per the job description.
• Experienced in performing IT general, application controls and similar types of audits across a range of environments.
• Solid understanding of traditional business processes and how they interact at an application and database level.
• An advanced understanding of internal audit disciplines, methodologies and practices.
• Experience in the insurance industry is preferred.
• Progress towards or completed CISA, CRISC, or similar.
• Good understanding of relevant security and control frameworks such as COBIT, ITIL, COSO, OWASP, CIS & similar frameworks.
• Experience with industry leading audit software packages would be advantageous.

Skills

• Very strong numerical, analytical and conceptual skills 
• Analytical ability and logical reasoning
• Understanding of key controls and risk management principles
• Strong time management
• Excellent interpersonal, communication and networking skills
• Relationship management (Strong client service orientation)
• Facilitation skills and ability to influence individuals, groups and teams
• Strong verbal and written communication skills
• Conflict management and negotiation skills
• Ability to work effectively in a team as well as by yourself