Information Technology Internal Auditor at Gcubed Boutique Recruitment

Overall job objective

The incumbent will assist in understanding and effectively managing existing and emerging IT risks, perform moderately complex, high risk or high profile individual Internal IT Audit assignments in line with the annual audit plan across the Group. On-site audits are performed and therefore extensive travelling will be involved.

Duties & Responsibilities

Conducting audits:

• Execute IT Audit including: Technical Reviews Audits (SQL, Oracle, Windows, Linux, Microsoft Azure, etc.), general controls, application controls, etc
• Establishing an IT Technical Reviews query script library for IT technical reviews
• Execute the internal audit program to the required standards of the profession and based on departmental and industry best practice methodologies
• Evaluate the effectiveness of controls over information systems and information security, document work performed, and report feasible recommendations to management where deficiencies are found
• Building strong and effective department-audit relationships to assist in achieving positive audit results

System descriptions and flow charts:

• Identify risks and controls for business processes, technical infrastructure systems, networks, servers, databases and key IT systems/applications development initiatives.
• Develop new audit programmes based on the risks and controls identified as part of the system analysis phase.

Reporting

• Ensure that all deficiencies identified during the audit are timeously communicated to management.
• Prepare comprehensive audit reports in line with IIA Standards and departmental policies that are well-written and supported in the work papers. 
• Close-out of the audit report by obtaining management comments and following up on corrective actions agreed to thereafter.

Combined assurance

• Assist in the development of a combined assurance approach and understand the requirements of the external auditors to ensure reliance can be placed on IT internal audit deliverables.

Desired Experience & Qualification

• Degree in Information Systems (BCom or B.Sc Computer Science)
• Professional qualification in either of the following: CISA/CISM/CRISC/CGEIT/ITIL/ Certified Ethical Hacker / Cyber Security Certification 

Essential Skills

• Minimum of 5 years’ experience in an IT auditing environment, conducting on-site IT audit engagements for the full project life cycle from planning through to reporting and socialising outcomes with senior management
• Strong scripting experience (Oracle, Windows, Linux, SQL)
• Strong technical skills in information security administration covering configuration (systems vulnerability assessment using tools such as: SekChek, SQL commands and scripts) 
• Network penetration controls or system implementations including reviews of routers, switches, firewall security would be highly desirable
• Critical Security Controls for windows, Linux/Unix, etc.
• Nessus 
• Firewall reviews
• Ethical hacking including penetration testing experience will be highly advantageous
• Must have conceptual and integrated understanding of IT risk
• Practical understanding of COBIT governance requirements, principles and practices
• Experience in IT risk assessments and models
• Experience in implementing and evaluating IT general and application environment controls and the use of CAATS
• Reasonable knowledge of King III/IV, ITIL, and ISO17799
• Advantage: work experience with TeamMate and analytical data mining tools such as IDEA and ACL