Senior IT Auditor (OT Information Security) at Sasol

Short Description / Purpose of Job

• Manage and execute IT audits with a specific focus on Industrial/ Operational Technology information and cyber security within the Sasol Group in order to mitigate information management and cyber security risks impacting Sasol’s operations and to provide subject matter expertise. Manage audit budget as well as resource allocations on assigned audit tasks when required and ensure timely reporting. Monitor the quality of executed audits against Sasol Assurance Services Operating Manual (SASOM).

Recruitment Description / Key Accountabilities

• Compile and review planning memorandums and audit programs, re-direct focus to high risk areas, and follow-up on meeting strategic objectives.
• Execute audits by identifying risks and weaknesses and ensuring that processes and systems comply with applicable policies, standards, statutory and regulatory requirements.
• Manage and execute planned and ad-hoc audits (own and managed audits) as well as resources in line with planned budgetary requirements and set timelines to contribute to the completion of the integrated risk based annual assurance plan (IRBAAP).
• Conduct audits to provide assurance that the internal system controls established by management to safeguard assets and liabilities of the company are adequately designed and operating effectively.
• Ensure the submission of factual and timely reports (own and managed) within the required reporting protocol, and integrate changes as required from stakeholder feedback.
• Ensure that all audit working papers including the evidence supporting audit report findings and results are adequately captured/ documented.
• Review audit reports and working papers of audits managed when requested by Senior Manager or Head of Function.
• Plan, manage, execute and report on overseas audits, when required.
• Conduct quality peer reviews and adhere to quality improvement practices.
• Complete task assessments of all team members of audits managed and take appropriate corrective actions.
• Contribute to the compilation and submission of reports to the Group Executive Committee, Governance Committees, Executive Committees and Sasol Limited Audit Committee.
• Monitor progress against annual audit plan, identify significant governance issues, and escalate to top management as required.
• Engage with relevant stakeholders, attend relevant stakeholder forums and provide specialist advice.
• Contribute to the development and drive implementation of the integrated risk based annual assurance plan.
• Keep up to date with and share knowledge in respect of new/ emerging developments in the internal audit profession and technological solutions.
• Execute and provide support for non-audit activities as allocated.

Formal Education

• Bachelor's Degree

Min Experience

• 11 relevant years of experience relating to auditing and information and cyber security in the Information Technology and Operational Technology (Industrial plant) environments
• Certification & Professional Membership
• Certified Information Systems Security Professional (CISSP),
• Certified Information Systems Auditor (CISA) and/or
• Certified Ethical Hacking (CEH) and or certifications in Plant Operational Technology security is advantageous.

Competencies

• Collaboration: The action of working with someone to produce something
• Critical reasoning: The action of critically thinking about something in a logical, sensible way and taking all factors into consideration.
• Execution capability: The underlying ability to execute a strategy/project or day to day work
• Problem Solving: Is a step-by-step process of defining a problem, searching for information, and testing a series of solutions until the problem is solved. In involves critical thinking, analysis and persistence.
• Project Management: The process of planning, organizing, and managing tasks and resources to accomplish a well defined objective, usually within constraints of time, resources, and cost.
• Relationship Management: The conscious aim to develop and manage long-term and/or trusting relationships with internal or external customers, distributors, suppliers, or other parties in an environment which can include marketing, selling, servicing and other areas where a relationship is crucial to on-going success. At a senior level, it includes C-level relationships with senior management such as CEO [Chief Executive Officer], CIO [Chief Information Officer], and CFO [Chief Financial Officer].
• Reporting: The ability to access information from databases, forms, and other sources, and prepare reports according to requirements.
• Self-Mastery: Takes accountability for driving own growth through developing self-awareness, reflecting, seeking feedback and self-correcting
• Tech Savvy: Knowledge of the Information Technology Industry including trends, emerging technology, best practices, competition, regulations, and legislation.