Senior IT and Application Control Auditor at Rand Mutual - RMA

WHAT WILL YOU DO?

Audit Planning and Execution:

• Develop and implement detailed audit programs to evaluate the effectiveness of IT controls.
• To conduct risk-based technology-focused (IT) audit assignments ultimately to contribute to delivering on the internal audit plan approved by RMA’s Audit Committee.
• This includes general computer control reviews, application control reviews and reviews of IT controls within the various business processes such as application and data interfaces as well as pre- and post-implementation reviews with a focus on application controls.

Compliance and Risk Management:

• Ensure compliance with relevant regulatory requirements, industry standards, and internal policies (e.g., ISO 27001, ITIL, COBIT and similar frameworks).
• Evaluate the organization's risk management processes and recommend enhancements to mitigate identified risks.

Reporting and Communication:

• Prepare detailed audit reports, including findings, recommendations, and action plans.
• Communicate audit results and recommendations to senior management and other stakeholders.
• Collaborate with IT and business units to develop and implement corrective actions and security improvements. Attend and participate in Operational Meetings as required.

Continuous Improvement

• Monitor the implementation of audit recommendations and follow up to ensure timely resolution.
• Contribute to the development and enhancement of audit methodologies, tools, and processes.
• Provide guidance and training to junior auditors and other staff on IT audit techniques.
• Perform and ensure high-quality internal audit work as required in terms of the International
• Standards for the Professional Practice of Internal Auditing (Standards).

Financial Policies, Guidelines, and Protocols

• Develop and deliver financial guidelines and protocols to ensure the company complies with regulations and good financial practice.

Data Collection and Analysis

• Conduct research using primary data sources, and select information needed for the analysis of key themes and trends.

Audit Compliance

• Manage a portfolio of audit assignments. Ensure that the team plans and delivers audits that cover identified risk areas, and that appropriate corrective actions are agreed on with auditees.
• Resolve issues arising from audits and refer serious or contentious issues to the audit program leader.

Recommendations

• Advise others on how to design new processes and systems that meet professional standards.

Insights and Reporting

• Prepare and coordinate the completion of various data and analytics reports.

Operational Compliance

• Identify, within the team, instances of noncompliance with the organization's policies and
• procedures and/or relevant regulatory codes and codes of conduct, reporting these instances and escalating issues as appropriate.

Document Preparation

• Edit document in line with organizational style guidelines and prepare information for publication.

Data Management

• Help others get the most out of data management systems by providing support and advice.

Personal Capability Building

• Develop own capabilities by participating in assessment and development planning activities as well as formal and informal training and coaching; gain or maintain external professional accreditation, where relevant, to improve performance and fulfill personal potential.
• Maintain an understanding of relevant technology, external regulation, and industry best practices through ongoing education, attending conferences, and reading specialist media.

WHAT YOU'LL BRING TO THE TABLE?

• Bachelor’s degree in information technology, or a related field.
• Professional certifications such as Certified Information Systems Auditor (CISA), Certified
• Information Security Manager (CISIM), Certified in Risk and Information Systems Controls (CRISC), or similar.
• Minimum of 5-7 years of experience in IT auditing, experienced in performing IT general,
• application controls, and similar types of audits across a range of environments.
• In-depth knowledge of control frameworks, standards, and best practices (e.g., ISO 27001, ITIL,COBIT).