Auditor - Technology Audit Group Internal Audit and Forensics at MTN

RESPONSIBILITIES

• The Auditor: Technology role is responsible to achieve the following objectives:

Audit Management 

• Assist the Senior Manager in the execution of technology systems and processes audit plans, to identify risks and vulnerabilities in control areas and to ensure that processes and systems comply with company policies, and statutory and regulatory policies.
• Serves as an active member of the audit team directly executing medium/high priority/risk internal audits on the technology systems and processes: through analysing reports and logs, conducting system and process audits, testing, preparing database updates, providing status reports and preparing final audit reports on assignments carried out, in line with internal audit standards and methodologies.
• Ensure that audits and assessments consider the effectiveness of the control areas, such as: application controls, cyber and information security, change management, business resilience and disaster recovery reviews, IT project management, IT project governance, IT risk management, information technology systems and infrastructures process and control reviews.
• Measure/evaluate technology systems and processes compliance to statutory and regulatory requirements and the company's policies and procedures.
• Track and follow up on audit findings and update respective trackers and stakeholders regularly. 

Audit Advisory 

• Provide analysis on technology systems and processes internal audit data, identifying vulnerabilities in IT systems and internal policies, trends on IT systems failures, inconsistencies, weaknesses in the control areas. Report these findings to management with recommendations on possible mitigations and enhancements.
• Recommend changes to IT systems and processes, based on internal policies, best practice and continuous change in available technologies.
• Provide recommendations on improvements to ensure an increasingly robust internal audit processes, which aims to reduce technology and information security risks.
• Carry out regular, comprehensive and holistic information security and IT systems control assessments, to identify risks and areas that need focus.
• Keep up to date with new technology solutions to mitigate/change IT systems security vulnerabilities and provides reporting on these solutions.
• Maintain relationships with management of assigned functional/business units to provide a value-added service.

Reporting 

• Assist the management to provide oversight on OpCo reporting, OpCo coordination, OpCo support and OpCo Technology Audit operations.
• Assist with compilation of reports for reporting and Audit Committee engaging various stakeholders in Opcos to ensure a comprehensive report. 

Key Deliverables

• Conduct Audits
• Audit Findings Tracker
• Audit Findings Report
• Consolidated Audit Committee Report

Role Dependencies

• Understanding of the Audit plan
• Active support from the Senior Manager
• Understanding of the respective technology and business contexts and the risks associated 
• Intra-functional collaborations with Group Risk and Compliance 

QUALIFICATIONS

Education:

• Minimum 3-year Diploma Engineering, Information Systems and Computer Systems/Science 
• Preferred, 4-year Bachelor of Engineering/ Information Systems and Computer Science/ Bachelor of Science
• Preferred, CISA / CISSP

Experience:

• Minimum 3 years’ experience in internal audit, specifically in IT system and processes audits
• Experience in presenting audit reports to senior stakeholders
• Data gathering, research and analytical abilities to develop insightful conclusions
• Experience in supervising and coordinating output 
• Experience working in a medium organisation
• Experience in working under pressure and delivering under tight deadlines

Key Technical knowledge:

• Active Directory 
• Firewall  and routers 
• Network Security
• API security 
• Cloud security 
• Endpoint security
• Knowledge on various OS’s (windows, Linux, Android, iOS, DA’s etc) 
• Experience using various security tools