Manager/Senior Manager - IT/Information Security Audit - CISA

Purpose of the role:

This position involves planning, executing, and reporting on the effectiveness of the organization's information systems controls, security measures, and compliance with relevant regulations. The role also involves developing and maintaining audit methodologies and ensuring the confidentiality, integrity, and availability of critical information assets.

Key Responsibilities:

Audit Strategy: Develop and implement the organization's information systems audit strategy and annual audit plan, aligning it with business objectives and compliance requirements.

Audit Planning: Lead the planning of information systems audits, including risk assessment, scope determination, and resource allocation.

Audit Execution: Oversee and participate in the execution of information systems audits, including IT general controls, application controls, data security, and compliance audits.

Control Evaluation: Assess and evaluate the effectiveness of information systems controls, security measures, and data protection mechanisms.

Compliance: Ensure compliance with regulatory requirements (e.g., GDPR, HIPAA, SOX) and industry standards (e.g., ISO 27001) in relation to information systems.

Risk Management: Identify and analyze IT-related risks, and develop strategies to mitigate them.

Audit Reports: Prepare and present audit findings and recommendations to senior management and audit committees. Maintain comprehensive audit documentation.

IT Governance: Provide guidance and expertise on IT governance, risk management, and compliance (GRC) to the organization.

Security Assessment: Conduct security assessments, including vulnerability assessments and penetration testing, and recommend remediation actions.

Cybersecurity Awareness: Promote a culture of cybersecurity awareness and best practices among staff.

Emerging Technology Assessment: Stay updated on emerging technology trends and assess their impact on the organization's information systems and security.

Vendor and Third-Party Risk Management: Evaluate the information systems security and controls of third-party vendors and partners.

Qualifications:

- Post graduate degree in Information Systems, Computer Science, or a related field. Relevant certifications (e.g., CISA, CISSP, CISM) are MANDATORY

- Proven experience in information systems auditing; overall relevant experience 8 + years

- Strong knowledge of information security best practices, IT controls, and audit methodologies.

- Familiarity with relevant regulations and standards (e.g., GDPR, HIPAA, ISO 27001, NIST).

- Excellent communication and presentation skills.

- Strong analytical and problem-solving abilities.

- Leadership and team management skills.

- Ability to adapt to evolving technology and security landscapes.