Audit Portfolio Manager: IT Cyber at Nedbank

Job Purpose
To work in collaboration with the various teams within GIA as well as the wider risk and security Teams to deliver the annual audit plan thereby providing reasonable assurance to stakeholders that key information and cyber risks are being mitigated through adequate and effective management controls in accordance with Group Internal Audit (GIA) methodology

Job Responsibilities

• Execute Cyber security audit assignment planning, fieldwork and reporting in line with the Group Internal Audit (GIA) methodology and Institute of Internal Auditors (IIA).
• Provide independent assurance to the Group Audit Committee that business is adequately mitigating key strategic and operational risks.
• Assess and understand business systems, processes, tools, methodologies and templates, within audit scope.
• Identify and assess the design adequacy and operational effectiveness of controls within audit scope.
• Be commercially minded and understand the broader business strategy in auditing approach.
• Manage allocated billable hours in line with Audit plan.
• Act as a trusted business advisor through providing audit insights in line with audit methodology.
• Maintain stakeholder relationships through regular scheduled engagements.
• Build sound professional relationships through addressing client concerns.
• Influence stakeholders to address inefficiencies in resolving audit findings through utilising professional experience in demonstrating benefits of best audit practice.
• Partner with stakeholders in providing regular audit progress updates and timeous reporting of key audit findings.
• Ensure client centricity in audit engagements with stakeholders.
• Ensure GIA policies and principles are maintained and applied through the audit process.
• Identify and ensure compliance with relevant laws, regulations and guidelines in line with audit scope.
• Ensure continuous improvement of the quality of audits through providing professional insights.
• Prepare quality, relevant and commercially astute assignment and reports.
• Analyse and interrogate client processes, evidence and verbal information independently.
• Apply professional judgement in all audit interactions.
• Apply experience and best practice into audit discussions and work performed.
• Deal with complex verbal and documented information and data in the audit process.
• Support the achievement of the business strategy, objectives and values.
• Stay abreast of developments in field of expertise.
• Ensure personal growth and enable effectiveness in performance of roles and responsibilities.
• Contribute to the Nedbank Culture building initiatives (e.g. staff surveys etc.).
• Participate and support corporate responsibility initiatives for the achievement of business strategy
• Seek opportunities to improve business processes, models and systems though agile thinking.

Minimum Experience Level

• 4-5 years Specialist Auditing

Essential Qualifications - NQF Level

• Advanced Diplomas/National 1st Degrees

Preferred Qualification

• Relevant BCom (Informatics/Information Systems) OR BSC (Computer Science or IT) Degree
• Honours degree advantageous

Essential Certifications

• Certified Information Systems Auditor (CISA) and optional Certified Internal Auditor (CIA)
• Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified Financial Services Auditor (CFSA)

Preferred Certifications

• Certified Information Systems Auditor (CISA) and optional Certified Internal Auditor (CIA)
• Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified Financial Services Auditor (CFSA)
• CISSP , CISM or relevant qualifications (this is essential certification )

Type of Exposure

• Influencing stakeholders to obtain buy-in for concepts and ideas.
• Conducting quality assurance reviews
• Sharing information in different ways to increase stakeholders understanding
• Building and maintaining effective relationships with internal and external stakeholders
• Auditing
• Interacting with diverse people
• Analysing and interpreting qualitative and quantitative data
• Financial services; preferable banking
• Communicating standards to others
• Consolidate data from various sources and identify/interpret trends
• Technical / Professional Knowledge or Exposure
• Technical exposure to infrastructure/network and multi-platform environments in diverse geographic and regulatory environments as required
• Technical knowledge of Project security assurance reviews (pre and post implementation reviews) using Agile practices
• Auditing IT general controls (such as DR, backups, physical access / data centres, change management)
• Auditing Infrastructure environments: Hypervisor/ Virtual machines, virtual network and virtual storage Virtual machines, Network devices (firewalls, routers, switches, etc), Operating systems, Database & Endpoint Devices
• Auditing experience of application security or web services, web or mobile applications, digital platforms, remote working
• Infrastructure hardening reviews: Internal & external vulnerability & patch management, penetration testing/ assessments
• Third party cyber security risk assessments or reviews
• Cyber security awareness assessments or reviews
• Information Security: Data Privacy & Data Leakage Prevention 
• Cyber resilience, Business Impact Assessments, Disaster Recovery
• Cyber security exposure to new and emerging technologies: Cloud Computing, Artificial Intelligence (AI), Robotics, Machine Learning, APIs
• Exposure to Cyber Security Standards/Frameworks: ISO 27001/2, CRRMF, NIST, ISF, COBIT, CIS, OWASP, etc
• Cyber security incident reviews: Identification, Protection, Detection, Response, Recovery Processes
• Financial Services experience (preferable)

Behavioural Competencies

• Managing Work
• Monitoring Information
• Building Partnerships
• Quality Orientation
• Continuous Improvement
• Work Standards
• Courage
• Adaptability