Auditor - Senior IT Internal Auditor Cyber Security.Risk and Compliance

Key Performance Areas: Core, essential responsibilities / outputs of the position (KPA's)

Senior IT Internal Auditor: Cyber Security Audit role will be accountable to achieve the following objectives:

• Assess the likely/projected legal implications and ramifications of cyber or technology security audits.
• Report to management on cyber security audit results, highlighting new internal and external high-level risks, cost controls and recommendations for improvements within the Internal Audit department.
• An understanding and experience testing IT general controls, Application controls, Computer networks, Technical infrastructure and cyber/ information security controls covering the following:
• experience in testing web services, web\mobile applications, and cloud applications
• Proficiency with vulnerability and pen-testing tools (Nessus, Kali, Metasploit, Nmap, etc.,)
• Understanding and familiarity with vulnerabilities included in methodologies such as OWASP Top 10 (Web, Mobile, API) and OSSINT.
• Knowledge and understanding of the security vulnerabilities and how to assess the risk and control environment associated with them to prevent occurrence or exploits.
• Understanding of system architectures and platforms (e.g., Windows, Unix, Linux, and RedHat)
• Understanding and familiarity with the emerging technologies and how to assess the risk and control environment associated with them to prevent occurrence.

Operational Implementation

• Liaise with External Auditors as required
• Plan and agree the scope and timing of the audit assignments
• Conduct a preliminary survey of the area being audited
• Agree on the audit objectives with client management
• Execute IT Audit Assignments in accordance with the IIA and International Governance Frameworks (i.e. CoBIT, ITIL, NIST,etc.)
• Report audit findings and make recommendations to improve operations, reduce costs and add value
• Present findings and recommendations concerning areas audited to management
• Follow-up audit reports to ascertain that action is taken on agreed action plans
• Keep current with audit techniques and principles
• Review and ensure the safety and security of operating information transacted through IT equipment or systems
• Perform or assist in the performance of special reviews at the request of senior management.
• Stay informed about systems activity throughout the Company in order to develop a comprehensive audit plan that helps ensure cost effective internal controls and security is in place, to protect the Company's information assets.
• Prepare and/or review audit work papers to support the audit scope and reports and ensure that they are properly documented and filed for future references.
• Produce and communicate status of audit work with fellow team members and management relative to milestones, open issues and client management acceptance.
• Effectively communicate audit status and issues in kick-off, interim and exit meeting.

Consulting

• Provide a consulting service to business on effectiveness of controls
• Consult with business clients to improve processes
• Maintain relationship with senior management of assigned functional/business units to provide a value added service.
• Perform risk identification of business operations to assess potential problems or control weaknesses and provide guidance on how to address identified shortcomings on an ad-hoc basis

Reporting

• Assist in identifying and preparing relevant information and data for reporting purposes
• Assist the audit Manager with preparation of reports on audits conducted.
• Evaluate data compiled during audit projects and prepare reports on conditions found

Key Deliverables

• Execution of medium to high level audits.
• Successful execution of security compliance monitoring program and associated risk assessments and audits.

Education:

• A university diploma or degree in Computer Science, Security and Network engineering, Technical Business Administration, Informatica, Business & ICT, Security Management, or other related discipline.
• Security related certifications: preferred CISA and CISM or CISSP.
• Added advantages: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), A+, N+, Security+, CySA+, Pentest+.

Experience:

• 3 - 5 years internal / external audit experience or related IT experience, with at least 3 years in IT security, penetration test and infrastructure