Reports To: Internal Audit & Compliance Manager
The purpose of this role is to conduct information systems audits on Tuskys’ systems covering information technology security, infrastructure, database functions / processes and the technology applications that support business functions including branches.
The systems internal audit activities involve analyzing risks and controls, recommending process and control improvements, and providing reports summarizing audit activity on all Information Technology parameters to ensure appropriate security controls are in place to protect the Company’s assets from ICT-related risks.
The Information Systems Auditor must effectively interface with the other auditors and management, as well as participate in all Audit initiatives and activities.
Key Responsibilities
Conduct information systems audit assignments including planning, development of audit testing and evaluation programs, execution, and reporting of audit results under the direction of the Internal Audit & Compliance Manager.
Conduct continuous risk assessment of the information technology environment including general system controls, infrastructure controls, system security controls, application controls, backup and disaster recovery, and system maintenance to ensure consistency in achieving compliance with internal policies.
Investigate suspected and actual information system security incidents, including technology-driven frauds, produce reports with recommendations, and ensure any remedial action is taken.
Perform annual vulnerability assessments, oversee third-party penetration testing, and resolve all issues identified by vulnerability assessments and penetration testing.
Support the other auditors in the department in identifying high-level information system risks, as well as designing and building automation tools for use by the Internal Audit & Compliance department.
Participate in projects related to the implementation of new technologies and business applications by offering risk and control consulting and advice to Management and appraising the economy and efficiency of how Information Technology resources are employed in the company.
Conduct operational, compliance, financial and investigative audits, as assigned, and train other audit staff in the use of computerized audit techniques and in developing methods for review and analysis of computerized information systems.
Competence Requirements
Technical skills to effectively perform IS audit activities/tasks in a manner that consistently achieves established quality standards.
Strong understanding of internal auditing standards as issued by the IIA and ISACA in respect of audit, internal control, risk and governance principles.
Able to integrate understanding of retail industry trends and vulnerabilities to identify future possibilities, opportunities and risks.
Knowledge and application of modern IS security management practices in retail services industry to proactively review and recommend security quality improvements in line with technological changes.
Performance management to optimize personal productivity, and ability to work either independently or in a team setting.
Interpersonal skills to effectively communicate audit results to departmental heads and other stakeholders, and ability to identify solutions that effectively address business and control needs.
Qualifications and Experience Requirements
Bachelor’s degree preferably in Information Systems Management (Computer Science), Business Administration or related fields.
Be a qualified Certified Information Systems Auditor. Relevant certifications in information security knowledge areas, such as Information Systems Audit, Information Security Management and Ethical Hacking.
5 years of information system audit experience – conducting information systems audits in a retail sector or other related sectors would be highly desirable.
Experience of working in a busy IT function will be an advantage.