Specialist Auditor: Information Technology at South African Bureau of Standards (SABS)

Minimum Requirements

• B. Degree in Auditing, Information Technology or a related field (NQF Level 7)
• Certified Information System Auditor would be advantageous
• 5 years relevant work experience in information technology audits or a related field
• Must have exposure in design, management and implementation of information technology audit strategies, frameworks and initiatives.

Duties and Responsibilities

Operational Planning and Implementation

• Design, manage and implement information technology audit strategies, frameworks and initiatives inclusive of measurement, management and improvement processes and procedures within the organisation.
• Examine internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies.
• Participate in the change management process.
• Test and identify network and system vulnerabilities and create counteractive strategies to protect the network.
• Conduct efficient and effective IT audit procedures.
• Communicate complex technical issues in simplified terms to the relevant staff.
• Perform regular audit testing and provide recommendations.
• Review, evaluate, and test application controls.
• Provide recommendations and guidance on identified security and control risks.

Risk Based Information Technology Auditing

• Develop and evaluate IT audit processes and report on results.
• Apply established IT audit standards throughout the SABS infrastructure.
• Audit and assess all aspects of the company’s network applications, including software, programs, security, and communications.
• Assess the security measures in place to protect against data breaches, cyber-attacks, and other security threats.
• Monitor the integrity of all processes and formulating a cohesive audit strategy for now and into the future.
• Set a risk profile for projects and how they can impact on the business.
• Monitor IT audit processes on various user interfaces and applications, including client-based applications, intranets, extranets and all connected servers and network.
• Analyse, compile and provide reports as required by stakeholders.
• Make recommendations to business to promote and maintain a culture of risk and fraud awareness and accountability by initiating campaigns and training.
• Analyse and develop processes and provide relevant business solutions to improve organisational performance and service delivery.
• Manage external service providers to ensure timely delivery of services procured in an efficient and effective manner.

Risk and Compliance Management

• Identify and adhere to fraud controls, risk prevention principles, sound governance and compliance processes, and tools to identify and manage risks
• Support and provide evidence to all internal and external audit and regulatory requirements.
• Maintain quality risk management standards in line with regulatory requirements.
• Maintain and enforce all related Service Level Agreements to minimise business risk and ensure business continuity.
• Adhere to all relevant laws, policies and Standard Operating Procedures throughout the organisation.

Stakeholder Management

• Build and maintain effective internal and external stakeholder relationships for the purpose of expectations management, knowledge sharing and integration, and to manage the organisation’s reputation.
• Represent and participate in the organisation’s committees and tasks teams when required.
• Ensure the provision of excellent customer service.
• Resolve queries and problems within span of control and within agreed time frames.
• Follow up on unresolved queries and complaints where required.
• Liaise with relevant stakeholders regarding follow-up of information, as required for tender requests.
• Provide subject-matter advocacy and expertise to all relevant stakeholders.
• Manage internal and external relationships to ensure that best practices are implemented across the organisation.