To analyse the risk profile of the various IS Audit centres i.e. production applications, projects, IT environment / platforms and IT processes. To identify high-risk areas requiring IS audit attention and recommend them to IS Audit Management for prioritisation.
To independently plan and carry out reviews relating to the prioritised and assigned audit centres to evaluate the risks and recommend appropriate corrective measures and follow-up on the implementation of the corrective measures.
- Analyse and keep up-to-date the risk profiles of the IS Audit centres so as to identify the priority areas and recommend them to IS Audit Management for prioritisation. This involves on-going liaison with Mercator Managers and Business Unit Managers regarding the status of these IS Audit centres.
- Plan, schedule and execute the prioritised and assigned reviews to arrive at the risks and issues and the recommendations to overcome them. Also, finalise the report in consultation with IS Audit Managers as appropriate.
- Graduate in Information Systems or Audit related field. Should preferably also have a CISA certification.
- Additional certifications such as CIMS, CISSP, ISO27001 LA, PCI-ISA, PCI-QSA, CEH are desirable.
- Minimum of 7 years' experience in IT, IT Information Risk Management or IS Audit.
- Should have experience carrying out IS related reviews independently.
- Should have a good understanding of database concepts, development environments such as JAVA, J2EE and .NET, as well as secure coding concepts for web applications.
- Must be a hands-on user of Computer Assisted Auditing Tools (CAATs), preferably ACL and Structured Query Language (SQL), for analysing data and arriving at exceptions.
- Hands-on experience in writing scripts/programs using PERL, SHELL Script, Windows Scripting etc. is preferable.
- Must have familiarity with Continuous Monitoring/Auditing concepts.
- Knowledge of COBIT, ITIL, PCI-DSS, CMMi, TOGAF, ISO27001, BS25999 and COSO frameworks/standards for internal controls is an advantage.
- A sound knowledge of English: written, spoken and comprehension.
- Should have the aptitude to research new technological developments with a view to providing the necessary inputs to evaluate the strategic directions of IT.
- The ability to handle several diverse projects concurrently and independently is critical.
- Must be able to quickly analyse problems and propose effective solutions, implement them and see them through to conclusion.