Sr. Infosec Auditor

Job Title: Information Security (InfoSec) Auditor

Position Overview:

We are seeking a skilled InfoSec Auditor to join our team. The ideal candidate will support establishing and continuously improving our Corporate Governance Framework, encompassing Enterprise Risk Management and our Corporate Code of Conduct, Ethics, and Values. This role involves conducting comprehensive audits, advisory engagements, and other activities focused on current and emerging technologies.

Key Responsibilities:

1. Professional Ethics:

   - Promote and enhance the Corporate Governance Framework, including risk management and corporate ethics.

2. Audit Execution: 

   - Develop detailed audit programs and Risk & Control Matrices (RCMs).

   - Determine and apply appropriate auditing procedures, including Information Systems Audit Techniques and data analytics.

   - Maintain documentation and working papers in the automated Audit Management System.

   - Analyze and appraise related systems and evidentiary data.

   - Conduct follow-up audits to assess the adequacy of corrective actions.

   - Ensure audit objectives are met and sufficient evidence is collected.

   - Participate in special reviews and administrative tasks as directed.

   - Identify high-risk areas and key control points.

   - Adapt audit approaches to the changing technology landscape and lead technology audits.

   - Supervise audits according to approved RCMs and professional standards.

3. Audit Reports:

   - Prepare comprehensive audit reports with professional opinions on risk management and control system adequacy.

   - Recommend improvements to enhance digital and technology governance.

   - Follow up on audit report replies and corrective actions.

4. Coordination:

   - Assist in arranging Audit Committee meetings and preparing agendas and minutes.

   - Periodically report on Technology audit activities and significant risk exposures to Senior Management.

   - Conduct workshops and presentations to create awareness of the Internal Audit (IA) function.

   - Provide professional advice on Audit Committee Charters and Technology Audit Methodologies.

   - Participate in group-wide professional training programs.

   - Conduct research and benchmarking to support the IA function.

   - Challenge the status quo for continuous audit improvement.

5. Budgets:

   - Contribute to budget preparation and assist in implementing approved budgets.

   - Investigate significant variances to support effective performance and cost control.

6. Policies, Systems, Processes & Procedures:

   - Implement approved policies, processes, systems, standards, and procedures.

   - Contribute to achieving performance objectives in line with the company's performance framework.

7. Innovation and Continuous Improvement:

   - Implement new tools and techniques to improve operational processes.

   - Identify process improvements for greater efficiency in line with industry best practices.

8. Internal Communications & Working Relationships:

   - Maintain regular contact with operational-level management.

   - Communicate audit programs, findings, and recommendations at various management levels.

   - Share knowledge of standards and frameworks across the organization.

   - Participate in technology risk awareness presentations for senior management.

9. External Communications & Working Relationships:

   - Coordinate with Internal Audit Service Providers and external auditors as needed.

Qualifications:

- Bachelor’s degree in computer science, Information Technology, or a related discipline.

- 8-10 years of relevant experience in IT internal auditing, with a minimum of 5 years in digital infrastructure and cybersecurity.

- Advanced technical knowledge of core infrastructure components, cloud security, operating systems, databases, virtualization technologies, and security operations.

- Sound knowledge of technology-related risks in emerging areas such as Cloud, IoT, Zero-Trust, digitalization, and automation.

- Experience in vulnerability assessments, penetration testing, and bug bounty hunting is advantageous.

- In-depth knowledge of IT Assurance frameworks and standards (e.g., COBIT, ITIL, ISO27000, NIST).

- Expertise in data analytics and project management.

Professional Certifications:

- CISA certification is mandatory (or willing to obtain within one year of joining).

- Preferred certifications include CISSP, CISM, GIAC, and technical certifications such as CCNA, MCSA, AWS, CCSK, and GPEN.