Imagine a world where people live healthier, more enhanced and protected lives… A world in which each organisation is a powerful influencer and responsible corporate citizen, committed to being a force for social good. As a leading innovator in healthcare, wellness, insurance, investments, financial and life planning, Discovery works ceaselessly to...
Role Purpose
- The Senior IT Auditor is responsible for delivering high‑quality, risk‑based IT audit engagements across the organisation. This role performs detailed assessments of IT general controls, application controls, cybersecurity processes, and technology‑related risks. The Senior IT Auditor leads parts of engagements, conducts complex testing, evaluates control design and effectiveness, and identifies root causes of issues. They prepare clear, concise audit findings and work closely with stakeholders to validate results and agree practical remediation actions. The role also provides guidance to junior auditors, supports audit planning through risk assessment, and contributes to continuous improvement of audit methodology, data analytics, and assurance practices. Ultimately, the Senior IT Auditor helps strengthen the organisation’s control environment by providing objective assurance over technology risks and controls through effective stakeholder engagement and people leadership.
Key Responsibility Areas
Strategic Responsibilities
- Assist Audit Management in responding to management and stakeholder queries.
- Build and maintain effective working relationships with Discovery companies and other assurance providers, including:
  - Discovery Limited Invest, Life, Corporate and Employee Benefits, Insure, Health, Vitality RSA and Vitality Group International
  - External Audit and other Assurance Providers
- Facilitate the maintenance of IT risk profiles, including both inherent and residual risk views.
- Challenge risk management information received from the business by providing value-adding input on opportunities to strengthen IT risk management processes and controls.
Technical Competence
Demonstrates strong technical knowledge and practical application in the following areas (refer to the "Essential Knowledge & Experience" section below for the minimum years of experience in these areas):
- IT General Controls (“ITGC”) reviews
- Application control reviews
- Data governance and IT governance frameworks
- IT infrastructure and technical environments, including databases and operating systems
- Cybersecurity and information security
- Computer Assisted Audit Techniques (“CAATs”) and data analytics
- Keeps abreast of emerging technology, cyber risks, and industry trends and actively contributes to the enhancement of audit methodology and audit approaches
Operational Responsibilities
Audit Planning and Risk Assessment
- Ensure audits are planned and performed in accordance with the approved Internal Audit Methodology.
- Obtain input from Audit Management regarding key risks associated with each audit topic.
- Ensure all significant risks are appropriately addressed for each audit engagement.
- Liaise with Group Risk, Compliance, and Forensics to identify issues impacting audit scope or execution.
- Define the purpose, scope, and audit approach for assigned audits.
- Draft engagement letters for Management review.
- Assist Audit Management in determining the scope of IT Audit assignments.
- Prepare engagement letters for review and approval by Audit Management.
- Prepare and/or review Audit Planning Memoranda (“APMs”).
Audit Execution and Documentation
- Prepare and/or review system descriptions, walkthroughs, and process flow diagrams, raising review notes where required.
- Prepare and/or review Risk and Control Matrices (“RACMs”) and address review notes.
- Prepare and/or review audit test procedures and obtain approval for any changes to RACMs, testing procedures, or sample sizes.
- Perform audit testing and document working papers using approved Audit Software.
- Review working papers prepared by IT Auditors and raise review notes as appropriate.
Reporting Responsibilities
- Draft audit reports for Management review.
- Review draft audit findings and observations.
- Forward draft observations to business stakeholders for comment and management responses.
- Prepare executive summaries, including overall audit opinions/ratings and management commentary.
- Perform ad‑hoc reporting as required by Audit Management.
Audit Finalisation
- Prepare and/or review the Audit Finalisation Checklist at the conclusion of audits.
- Provide continuous feedback to Audit Management throughout planning, execution, and reporting phases.
- Maintain ultimate accountability for the quality, completeness, and accuracy of audit files.
Supervision, Quality, and Delivery
- Provide close day‑to‑day supervision of IT Auditors and auditors’ work progress.
- Monitor the quality of audit work and implement corrective action where required.
- Provide on‑the‑job training, coaching, and supervision to ensure audit objectives are met and adequate coverage is achieved.
- Provide regular (at least weekly) progress updates to Audit Management.
- Track audit budgets and timesheets weekly and submit to Audit Management.
- Escalate risks, delays, or challenges timeously where deadlines may not be achieved or feedback is outstanding.
- Immediately advise Audit Management of any significant audit issues or impediments.
- Proactively take on additional responsibilities as requested by the Audit Manager.
- Provide meaningful input and monitor the effective and timely implementation of management actions addressing control weaknesses identified through audits, risk events, risk profiling, and Control Self‑Assessments (“CSAs”).
Follow‑Up Responsibilities
- Follow up on outstanding audit findings and management action plans.
- Prepare and submit follow‑up progress reports for Risk Committees and Audit Committees where required.
People Management Responsibilities
- Drive self‑development through studying, attending training courses, and professional chapter meetings.
- Complete mini‑appraisals and performance feedback processes as required.
- Manage day‑to‑day activities of assigned audit staff, consultants, and contractors.
- Support the development of audit staff to enhance competence, capacity, and delivery of the department.
- Monitor staff productivity through timesheets and cost recovery processes.
- Review feedback received from management on auditor performance.
- Prepare and provide performance feedback and appraisal input for IT Auditors across assigned audits.
General Responsibilities
- Stay up to date with developments in the Internal Audit profession and relevant industries.
- Contribute to the ongoing development and enhancement of audit methodology.
- Travel when required to support audit engagements.
Qualifications
- Bachelor’s Degree or equivalent relevant qualification (Computer Science, Computer Auditing, Information Systems, or Auditing as majors)
- One or more professional certifications required:
  - CIA, CISA, CISM, CRISC, CGEIT
Experience
- Minimum of 5 years’ IT audit experience
- Broad IT audit exposure covering business processes, systems analysis, and application development
- Industry experience within Financial Services, Insurance, or Medical Scheme sectors
Essential Knowledge & Experience (Minimum Requirements)
- IT General Control reviews – minimum 5 years
- Application Control reviews – minimum 5 years
- Data and IT governance – minimum 2 years
- IT infrastructure technical reviews (databases & operating systems) – minimum 2 years
- Cybersecurity and information security – minimum 2 years
- CAATs / Data analytics
- Experience managing a team – minimum 2 years