Senior IT Auditor: IT, Information Security & Cyber Security

at  Sanlam

QUALIFICATION AND EXPERIENCE

• A relevant qualification (Diploma, Bachelors or Honours degree) in science, commerce, engineering, technology, information systems, informatics or similar.
• More than 4 years’ experience in an audit/ consulting/ risk management/ governance or similar operations function and demonstrable exposure as per the job description.
• Experienced in performing IT general, information security and cyber security audits, including operating system and database security assessments/ reviews across a range of environments.
• Database and Operating systems security interrogation experience would be advantageous.
• An advanced understanding of internal audit disciplines, methodologies and practices.
• Experience in the insurance industry is preferred.
• Progress towards or completed CISA, CISM, CISSP or similar.
• Good understanding of relevant security and control frameworks such as COBIT, ITIL, COSO, OWASP, CIS & similar frameworks.
• Experience with industry leading audit software packages would be advantageous.

SKILLS

• Very strong numerical, analytical and conceptual skills
• Analytical ability and logical reasoning
• Understanding of key controls and risk management principles
• Strong time management
• Excellent interpersonal, communication and networking skills
• Relationship management (Strong client service orientation)
• Facilitation skills and ability to influence individuals, groups and teams
• Strong verbal and written communication skills
• Conflict management and negotiation skills
• Ability to work effectively in a team as well as by yourself

WHAT WILL YOU DO?

A position as a Senior Auditor exists within Group Internal Audit: Santam Corporate Services, based in the Cape Town office.
To conduct various types of assurance and consulting reviews with the primary focus on IT, Information Security and Cyber Security audits across the Santam Group (Santam Ltd, subsidiaries, brokers, portfolio managers, underwriting agencies and partners). This will be done in accordance with the annual audit plan approved by Santam’s Audit Committee and conducted in terms of International Standards for the Professional Practice of Internal Audit. The role requires someone with strong IT skills as well as the ability to engage the information and cyber security landscape and be comfortable interacting with IT security personnel. The role also requires a person who can apply our risk-based methodology, as well as lead and manage multiple audit assignments and work independently.

WHAT WILL MAKE YOU SUCCESSFUL IN THIS ROLE?

• To conduct risk-based technology focussed (IT) audit assignments ultimately to contribute to delivering on the internal audit plan approved by Santam’s Group Audit Committee. This could include general computer control reviews, information & cyber security reviews, reviews of IT controls within the various business processes (Application Controls) as well as pre and post-implementation reviews with a focus on information security.
• Assignment work entails assignment planning, execution, reporting and audit follow up work (where applicable) including the following activities:
• Performing risk and control assessments;
• Developing, executing and in some cases, reviewing audit procedures;
• Preparing audit findings and unpacking root causes with management;
• Compiling an audit report and workshopping practical action plans with various levels of management which will support the achievement of the Santam Group’s and our business partners strategic and financial objectives;
• Ensuring that audit work is documented on GIA’s audit software tool and adheres to the required quality standards; and
• Ensuring that audit work is completed within time and cost budgets.
• Assist in reporting to various audit, risk & related committees.
• Provide input into annual audit planning.
• Follow up on audit issues raised and provide input into the reports to the audit committee and other relevant governance structures.
• Maintain quality standards in terms of the audit methodology, approach and documentation.
• Supporting and mentoring junior / trainee auditors.
• Client relationship management with internal Santam stakeholders as well as external stakeholders, with a focus on Information Security functions.
• Championing Internal Audit’s role in the organisation by serving as GIA’s representative at relevant, key Santam forums.
• National travelling to Santam offices and partners may be required.