Snr Spec: Internal Audit at Liberty Group South Africa

Purpose

• The role is responsible for executing Technology and integrated audits and ad hoc management requests across the organisation in support of strengthening the control environment. The audit work must be performed in line with the Group Internal Audit (GIA) methodology and professional standards. Following audit completion, the Senior Specialist will track the agreed management actions to closure. Developing and managing relationships with various client departments across the organisation will be essential to the success of the role and enable the role-holder to provide input into the audit plan. Finally, the Senior Specialist will need to provide guidance and best practices to the Internal Audit team and client departments on relevant current and emerging Technology topics including cyber-security and threat management.

Minimum Qualifications

• BSc Computer Science, Bcom Informatics / Information Systems or equivalent IT Bachelor's Degree
• Certifications like CISA, CISM, or CRISC are essential.
• Additional certifications (CISCO, CISSP, Ethical Hacking etc) are advantageous

Minimum Experience

• Minimum of 5 years audit experience (Essential)
• Internal Audit experience (Essential)
• IT certification: CISA and CISM, or CISSP (Essential)
• Cyber security experience (Advantage)
• Insurance and Asset Management industry experience (Advantage)
• Relevant postgraduate degree (Advantage)

Key Responsibilities

• Assist with the preparation of the annual audit plan in terms of technical audits that should be performed
• Conduct periodic reviews of functional and operational audits outlined in the annual audit plan with minimal supervision.
• Evaluate control weaknesses across the IT function and the business lines.
• Document high-quality, impactful audit reports and provide assurance on IT governance, information security, and IT processes.
• Offer practical recommendations to address these weaknesses.
• Ensure that audits are performed in accordance with the requirements of the Internal Audit methodology and IIA standards.
• Participate in the preparation of reporting packs.

Additional Key Responsibilities

• Ensure that follow-ups are conducted as per the Internal Audit methodology
• Ensure audit quality is maintained through self- and peer-review of audit work and reports
• Manage relationships with business stakeholders focusing on the IT and network teams
• Keep abreast of technology-related internal audit and technical development
• Technical Competencies
• Demonstrate strong knowledge of IT, data and cybersecurity frameworks (COBIT, ITIL, COSO, ISO17799/ISO27001, TOGAF, NIST, etc)
• Technical/infrastructure knowledge is essential i.e. detailed knowledge of the following technology platforms:
• Operating systems - UNIX, LINUX, Windows
• Databases - SQL, Sybase, Oracle, IT Networks
• Firewalls, Data Centre
• Cyber Security
• Data Analytics (ACL)
• Relevant IT related laws (ECT act, POPI etc.)
• Enterprise Risk Management

Additional Technical Competencies

• Demonstrates a broad overall understanding of IT governance, IT processes and Information Security functions.
• Provides insights and appropriate recommendations on the IT risk areas.
• Engages with senior stakeholders to clear adverse audit reports.
• Understands IT and data analytics including emerging IT trends
• Must be able to systematically identify, analyse and resolve existing and anticipated problems to reach optimum solutions in a timely manner
• Strong technical skills in network controls or system implementations including reviews of routers, switches, firewall security

Skills

• Critical thinking
• Complex problem solving
• Research
• Interpersonal
• Negotiation
• Presentation
• Communication (verbal and written)
• Project management
• Time management