Audit Officer IT Security at Sasol

BUSINESS UNIT: Assurance Services

LOCATION: Sasolburg, Free State

In line with Sasol’s commitment to Employment Equity, preference will be given to suitable candidates from designated groups.

PURPOSE OF THE JOB:

In accordance with the Sasol Assurance Services (SAS) Charter as approved by the

Sasol Limited Audit Committee:

• To execute the IT project and governance audits of the Sasol Group globally.
• To ensure that the quality of audits executed are in alignment with the Sasol
• Assurance Services Operating Manual (SASOM).
• Execute and complete assigned IT Audit and IT Consulting engagements, and act in the role of a subject matter expert for audits managed and executed.
• Execute and complete assigned IT audit tasks to be within budgeted planned hours.
• Ensure timely reporting of assigned audit tasks and follow established reporting
• protocols.
• Integrate with other departments with regard to knowledge sharing on audit tasks being managed and executed.
• To assist other departments (Generalist, Projects, Compliance, Economic Crime
• Risk Management, Forensics) where resources constraints exist.
• Act as liaison with clients.

Job requirements

Minimum Qualifications and Experience required:

• Qualified IT Auditor with auditing experience/ articles and 3 to 5 years relevant experience.
• University B-Degree with Information Security, Information Management and auditing related subjects as majors.

Alternative qualifications and experience to be considered that will be an advantage:

• B-Degree with Honours with Information Technology / Information Management and auditing related subjects as majors,
• Qualified CIA or equivalent with articles and 3 to 5 years relevant experience and subject matter expertise.
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacking (CEH)
• Additional qualifications/certifications that will be an advantage:
• Certified Information Systems Auditor (CISA)
• Qualifications relating to emerging technologies

Additional qualifications/certifications that will be an advantage:

• Certified Information Systems Auditor (CISA)
• Qualifications relating to emerging technologies

Minimum experience:

Subject matter expertise focusing on:

• Internal auditing
• IT/ IM related auditing using Cobit as basis (IT Governance, Information security,
• General IT controls, Applications controls and emerging technologies audits);
• Information security audits within the business and industrial control systems environments;
• IT project life-cycle framework (Waterfall and Agile);
• IT consulting;
• Emerging technologies, and
• Data analytics and computer assisted auditing techniques.

Core Elements of Job and Key Performance Indicators

Business Results:

Audit task planning

• Compiling of the planning memorandum to ensure focus on high risks.
• Compiling of the audit programme to ensure audit objectives are met.

Audit execution / reporting

• Obtaining and documenting audit evidence supporting the reported findings in the audit report.
• Execute own audits to ensure factual and timely reports with flexibility to adapt to change.
• Manage the execution of audits as and when required.
• Plan/ execute overseas audits when required.

Internal Audit Reporting

• Periodically assist in compiling status reports to all relevant stakeholders for area of specialisation.
• Assist on an ad hoc basis in preparing reports on a quarterly basis for the GEC and the Sasol Limited Audit Committee on significant governance issues identified and progress against annual audit plan for area of specialisation.
• Factual, comprehensive and timely reporting to Operating Model Entities and Functions management, Governance Committees, Boards and relevant stakeholders.

Quality control

• Ensure that quality standards for Sasol Assurance Services and the Projects and
• Combined Assurance team are met with regard to own working papers.
• Conduct peer reviews of team audit working papers as part of the quarterly internal quality assessments or when required.
• Ensure that reporting protocols are observed on own working papers and reports.

Specialist advice

• On request review policies and procedures.
• Attend and provide specialist advice on request at Project Steering committee meetings or client meetings.
• Ad hoc requests for specialist advice on best practice.

Special Ad hoc Requests

• Conduct specific ad-hoc audit requests as and when required.
• Execute special requests by the Audit Committee as and when required.

Leadership and Values:

People Leadership: 

• Authentically and inclusively engages all stakeholders in developing business relevant solutions. 
• A talent magnet. Proven ability to identify talent and further invest in talent.

Partnership Leadership:

• Ability to collaborate and influence stakeholders. 
• Establish and build relationships and partnerships for win-win outcomes.
• Build and establish core capabilities through partners and peers.

Business Leadership:

• Demonstrates business acumen.
• A global mindset and exercises sound judgment.
• Achieves results through others and holds them accountable.
• Outside-in approach when developing learning solutions

Strategic Leadership

• Leads the Core and Critical skills portfolio within Sasol in an innovative and sustainable manner.
• Strong internal and external networks
• Ability to benchmark and spot best tap into relevant best practices

Self-Mastery

• Continuously develop self
• Ambassador for living the Sasol Values

Audit Planning and Management

• Assist in developing an annual audit plan for area of responsibility – IT projects and governance.
• Develop/ Execute an own functional work plan and schedule in order to execute and to complete the IT audit plan based on the audits allocated taking into consideration priorities and risks with flexibility.
• Weekly feedback to Senior IT Auditor on audit status and budget control of audits allocated and executed by self to enable effective scheduling of annual audit plan.
• Perform allocated audit, management and/or administrative tasks as and when allocated by the Senior IT Auditor or Head of IT Audit.

Sasol Assurance Services Management

• Maintain and update standard audit programmes.
• Support the developed tactical plans to support the implementation of the Sasol
• Assurance Services and IT Audit strategy.
• Act as a change agent and assist in driving the implementation of innovative improvements and tactical changes to Projects and Combined Assurance processes and systems effectively and efficiently.
• Stay abreast of new developments in the assurance and IT project and governance environments and make recommendations on necessary changes.
• Be a role model for Sasol Values.
• Manage own delivery to ensure requirements of the Sasol Limited Audit Committee in terms of our performance measures are met.
• Manage own effectiveness.
• Communicate own requirements for skills development, manage the development and improvement of own skills through training and exposure, and contribute towards skills development for the team.
• Proactively engage and share knowledge with other teams in order to drive integration between all departments within Assurance Services.

Relationships, teamwork and Collaboration:

Stakeholder engagement

• Attend, monitor, evaluate and contribute to discussions at relevant committees, forums, projects and committees where assurance about the area of specialisation is being discussed, with assistance when required.
• Identify and communicate any significant risks not yet identified through the risk management process.
• Issue and discuss all audit findings with senior management (Internal and external).
• Share knowledge, network and collaborate with Assurance Services colleagues on internal audit findings.
• Contribute to advice provided on Corporate Governance frameworks.
• Discuss and obtain input on annual audit plan.
• Build constructive working relationships with manager, peers, clients and other service providers.
• Communicate and behave professionally so that actions result in high level ofcredibility, trust and respect

Note: Failure to provide Sasol with truthful information and valid documents will render your application null and void.