3. Key Accountabilities:
- IT Audit Planning \& Execution – Develop and deliver comprehensive risk ‑ based IT/technology audit plans covering ITGCs and key technology domains (e.g., application and interface controls, infrastructure/operations, identity \& access, change/release, backup/recovery, cybersecurity, cloud, data, and DevSecOps).
- End ‑ to ‑ End Engagement Management – Lead the full IT audit lifecycle from scoping and planning through fieldwork, issue validation, reporting, and remediation tracking in line with Internal Audit methodology.
- Reporting \& Communication – Produce clear, concise, and impact ‑ oriented IT audit reports for the Director, articulating key risks, control gaps, root causes, and actionable technology ‑ focused recommendations.
- Stakeholder Partnership – Collaborate with IT service owners, architects, security, and business leaders to agree pragmatic action plans, set remediation timelines, and monitor closure of findings to sustainably reduce risk.
- Regulatory \& Standards Alignment – Maintain current knowledge of relevant frameworks and regulations (e.g., COBIT, ISO/IEC 27001, NIST CSF, ITIL, data privacy/cyber mandates) to ensure audit approaches remain fit ‑ for ‑ purpose and comprehensive.
Continuous Improvement \& Analytics – Enhance audit methods, tooling, and automation, leveraging data analytics, control telemetry, and continuous monitoring to increase coverage, efficiency, and the insight quality of IT assurance.
4. Qualifications, Experience and Skills:
- Bachelor's degree in IT, Cybersecurity, or related field
- Professional certification (CISA, CISM, CISSP, or equivalent) mandatory requirement
- 6–8 years of progressive experience in internal audit, external audit, IT audit, cybersecurity, or technology control functions.
- 2–3 years of supervisory or managerial experience leading IT or technology audit teams.
- Demonstrated expertise in assessing IT controls, including ITGCs, application controls, cybersecurity processes, and technology elements supporting financial reporting (ICOFR).
- Strong understanding of risk ‑ based audit methodologies and assurance frameworks (e.g., COSO, COBIT, NIST, ISO 27001, IIA Standards).
- Experience with data analytics, automation, and audit ‑ support tools (preferred), with the ability to leverage technology to enhance audit efficiency and insight quality.
- Strong understanding of technology ‑ enabled control environments, including how IT processes, systems, and configurations impact financial reporting, compliance, and operational integrity.
- Advanced knowledge of internal control frameworks and IT risk management principles, including ITGCs, application controls, cybersecurity controls, and technology governance.
- Excellent analytical, critical ‑ thinking, and problem ‑ solving skills, with the ability to evaluate complex IT environments and identify control gaps with precision.
- Proficiency in data analytics tools and audit management platforms, leveraging automation and analytics to enhance IT audit coverage and insight quality.
- Strong project management capabilities, with the ability to lead and coordinate multiple technology audit engagements concurrently.
- Exceptional written and verbal communication skills, enabling clear articulation of technical risks, control deficiencies, and recommendations to stakeholders at all levels.
- Advanced proficiency in Microsoft Excel, data visualization tools, and experience working with ERP and core IT systems, including understanding of system configurations, logs, and automated controls.
- Ability to build strong, collaborative relationships with IT, cybersecurity, operations, and business teams to drive effective remediation and strengthen the control environment.