- Plan and conduct IT audit reviews in conjunction and close liaison with Business Internal Auditors, across all business areas within the Asset Management Group, globally as required.
- Assist with defining the IT Audit Universe, and the prioritization, scheduling and scoping of Integrated and IT Infrastructure reviews.
- Liaise with IT-related functions and processes regarding: Information Security, Cyber Security, Disaster Recovery, Data Migration Assurance, Data Loss, Data Leakage, IT Risk Management, Data Protection, Windows Server & Workstation, Active Directory, Exchange, Networking (Routers, Switches), Networking (Firewalls, IPS, IDS), SQL, Mobile Application Security, Web Application Security, IT General Controls, Application reviews, Identity and Access Management, Cloud Computing and Change Control, to ensure processes are implemented, are sufficient, and adhere to standards and global best practice.
- Assist in the planning of IT reviews and determination of risks, controls and testing strategy.
- Perform detailed walk-throughs for the areas assigned for each review.
- Perform audit testing as outlined in the testing strategy.
- Identify risks / weaknesses / issues, suggest improvements, close out issues with relevant line management, and escalate risks and issues to the Head of Internal Audit when identified.
- Attend close out meetings to discuss findings identified in conjunction with Business Internal Audit.
- Draft findings for inclusion in the report.
- Finalize reports with senior management in conjunction with Business Internal Audit.
- Involvement in ‘High’ risk projects to ensure that potential problems are identified early and resolved accordingly.
- Escalate risks / issues within the Internal Audit team during team meetings or when they arise.
- Thorough understanding and application of the IA methodology.
- Understanding and knowledge of IA business processes, products and regulations, as well as business risks.
- Detailed knowledge on the product and functional areas that are tested.
- Share knowledge and experiences with the team.
- Adhering to the Code of Ethics and related policies, including personal account dealing, gifts, inside information, etc.
- Ensuring Compliance forms and declarations are completed and returned on a timely basis.
- Ensuring timely completion of Compliance training.
- Ensuring that you maintain an appropriate level of training and threshold competence levels.
- Ensuring you keep up to date on procedures and best practice relevant to your job responsibilities.
- Ensuring regulatory, client and other corporate records are maintained.
- Ensuring that firm and client data and property, including IT data, are properly protected and that advised best practices are followed to maintain confidentiality and security of all data.
- Reporting any possible and actual breaches, errors, or complaints.
- Reporting any possible concerns about conduct or unfair treatment of customers to Compliance.
- Reporting any suspicion that a client, investor, or employee may be involved in money laundering, fraud or other crime.
- Being alert to possible wider Compliance and Operational Risk issues within the general business.
- Maintaining the independence of the 3rd line of Defence.
- Ensuring that your team procedures are kept up-to-date.
- Ensuring that all changes in business practice are taken through the appropriate business forums.
- Ensuring that regulatory, client and other corporate reporting deadlines are met.
- Ensuring that, if handling client monies and client assets, they are properly protected, recorded and reconciled.
- Maintaining “Chinese walls” / “ethical walls” with other parts of the Group under the inside information requirements.
- Certified Information Systems Auditor (CISA qualified) [CRISC, CISM & CA(SA)]
- Minimum 7 years’ experience in Internal IT Audit or External IT Audit in a Financial Services (Asset Management preferable) environment in General and Integrated application controls as well as Security reviews.
- Knowledge of Asset Management Business Process Internal Audits will be an advantage.
- Detailed knowledge of IT / Internal Audit Standards, Issues and Risk Based Audit Methodologies.
- Knowledge of industry trends and applicable regulation and guidance issued by regulators.
- Reasonable knowledge of Cyber Security.
- Reasonable security knowledge of Infrastructure platforms.
- Experience of IT risk methodologies such as COBIT, SANS Top 20, ISO27001 and NIST.
- MS Office suite of products.
- Will be based in Cape Town but will be required to travel, including overseas.