TGCR Auditor at FirstRand Group

About the job

Purpose

• The successful candidate will lead and participate in integrated audit reviews to provide assurance on the adequacy and effectiveness of management controls and risk management through review of IT Security and IT General Controls, at divisional and business unit level within FNB. Participation in Group Wide Reviews at a FirstRand level will also be required.

Responsibilities

• The candidate will (inter alia) conduct preliminary surveys of the area and processes under review to establish the scope of the audit, ensuring that all key risks and controls are included. To execute IT General Controls Review testing and be able to analyze security configurations for operating systems, database management systems and other technologies and prepare related working papers.
• Efficiency improvements in the audit process, including the use of CAATs, which are critical throughout the audit process. To also draft reports highlighting relevant control weaknesses, risks and recommendations, as well as effective communication with clients and all audit staff. This individual should also participate in internal departmental work and assist in the development of junior team members.

Qualifications and Experience

• Applicants should hold a BSc (Computer Science or Engineering) or BCom (Information Systems) degree with majors in inter alia IT Security and Information Management, or a BCom Informatics or similar. A relevant Honors degree would be advantageous. Completed CISA/CISSP qualifications would also be preferred, as would programming/scripting skills.
• In addition, applicants should have a minimum of 3 years internal/external audit experience in IT General Controls testing or consulting and be able to audit Windows, UNIX and other operating systems without the use of automated tools such as SekChek. Applicants should also be able to audit major database management systems such as Microsoft SQL, Oracle and/or DB2; as well as understand and analyze firewall rules; and have an understanding of TCP/IP networking.
• Applicants should also boast a solid understanding of process analysis to identify risks and controls; conduct data analytics; root cause analysis; and be familiar with the concepts of combined assurance and agile auditing. Applicants should display an understanding and be able to apply the IIA Audit Standards.
• Experience in the banking industry would be preferable. Further beneficial competencies would include: analytical thinking; attention to detail; multi-tasking; innovative problem-solving; report writing; and presentation skills. Candidates should have a passion for technology; be delivery focused whilst maintaining the required quality of work.

Closing Date: 1st, June 2022