IT Internal Audit - Senior Consultant, Risk Advisory (Midrand) at Deloitte

Job Description

This role will primarily focus on the sales and supervision and management of IT Internal Audit and related IT controls assurance engagements.

Specialised Technical Capabilities:

The applying candidate should demonstrate experience in selling and managing the delivery of IT internal audit and related controls assurance engagements as follows:

• Ability to scope, plan, execute & manage, report & conclude on IT Internal Audit engagements.
• Ability to drive sales and business development in the form of new engagement requests including new targeting opportunities, RFP bid requests, client relationship building and opportunity identification and targeting etc.
• Work closely with the Internal Audit teams to sell and manage IT Internal audit scope and plans
• Ability to deliver on Assurance engagements by identifying risks, performing testing, researching governing policies / regulations, and developing reports
• Uses industry leading frameworks and tools to analyze client’s documentation and identify risks that require control assurance
• Tests validity of client’s historical financial and non-financial information, leveraging relevant standards (e.g. ISAE 3000), as appropriate
• Articulates client’s regulatory framework by leveraging Deloitte’s proprietary approaches and applicable audit standards and guidelines
• Develops assurance reports to accurately present risks, related controls, and the effectiveness of those controls
• Ensures findings and recommendations are aligned with the audit objectives by keeping in mind the engagement business context when performing technical work during the assessment process to ensure all risk facets are considered
• Demonstrated technical skills and methodology application
• Able to develop customised audit programs for ad hoc systems
• Demonstrated knowledge of ERP systems including SAP, Oracle etc.
• Demonstrated knowledge and experience of key databases (SQL, Oracle) and understanding of the associated security issues and vulnerabilities
• Ability to perform focused IT reviews including data conversion, interface reviews, segregation of duties and SAP authorisations.
• Ability to execute on Third party assurance engagements (ISAE3402/SOC) and unstructured controls advisory projects
• Fluent on Digital Risk and highly knowledgeable on Emerging Technologies
• Ability to execute on unstructured controls advisory engagements including Cloud, Payments, IT risk & governance, RPA etc. Developed skills in Agile and DevOps
• Strong industry experience in key industries.
• Ability to supervise others and impart knowledge.
• Ability to develop, manage, coach and lead the IT Internal Audit team

The candidate should also demonstrate the willingness to develop themselves in the following areas:

• Ability to form a core technology and data risk skillset through proactively conducting research, and participating to internal and external initiatives
• Understands and applies the major program management approaches and practices (e.g., SDLC, ITIL)
• Develops a strong knowledge of technology and data management frameworks (e.g., Technology Risk, Data Risk, Cyber Risk Maturity Model) by conducting independent research, and attending workshops, seminars and training programs
• Becomes familiar with technology and data risk, as well as industry-specific regulations; keeps up to date with emerging trends.

Technical competencies:

The candidates should have / demonstrate the following:

• 4-7 years in a client-facing IT audit / advisory role.
• Minimum of 4 years’ relevant experience of working within an audit/risk or professional services environment.
• Demonstrate strong understanding and experience in performance of IT controls engagements across key industries covering large scale ERP application systems and supporting infrastructure, business processes, and security.
• Solid grasp of technical skills and methodology
• Demonstrated knowledge and technical skills on “core operating systems” e.g. Windows, UNIX, etc.
• Experience in performing project audits, systems post-implementation reviews (incl. data migration reviews)
• Demonstrated knowledge and experience in performance of business process and automated controls testing on the more common applications
• Developing knowledge of ERP systems like SAP
• A good understanding of how to link risks and controls to ensure test steps and controls and risks all speak to each other; ability to research “unknown” systems or audit in-house developed systems, i.e. problem-solving/logic capabilities
• Developing Digital fluency and knowledge on Emerging technologies, including Cloud, RPA, AI, etc.
• Developing skills in Agile and DevOps.
• Developing further Industry experience (FSI, TMT, CB, ER&I, etc.)

Behavioural Competencies:

The candidate should have / demonstrate the following:

• Demonstrates ability to work efficiently and meet all deadlines consistently
• Displays initiative
• Takes accountability for delivery of own work as per instruction
• Active participation and proactive attitude to service delivery
• Works well within a team and with client management
• Able to deliver multiple engagements on time and within budget
• Proven ability to make decisions and the right judgement calls
• Creates a climate of positive nature
• Keeps calm under pressure
• Drives continuous improvement
• Custodian of the business
• Project Management capabilities
• Ability to spot new business opportunities

Qualifications

Minimum qualifications:

• Bachelor of Commerce Information Systems and / or Internal Auditing, Bachelor of Science Computer Science.

Desired Qualifications

• Relevant Degree, Honours or post graduate diploma.
• Professional certifications such as CISA and CRISC + relevant CPD that establishes credibility and capability in the IT Risk / Audit market.

Minimum Experience

The candidate should have / demonstrate the following:

• 4-7 years in a client facing role.
• 4-7 years IT Audit, Third Party Assurance and IT Controls Advisory experience selected industries of experience (e.g. financial services, TMT or consumer business, etc.)
• Broad experience in IT audit, risk management, business process and controls advisory.