Senior IT Auditor
CapitalSage Holdings
Remote
- Conduct scheduled, ad-hoc, and focused IT and data privacy audits across all company locations in accordance with Internal Auditing Standards (IIA).
- Perform reviews of penetration testing, vulnerability scanning and security audits to uncover potential threats.
- Prepare audit working papers and audit files to quality standards within agreed timescales and deadlines.
- Draft clear, data-driven audit reports and recommendations on vulnerabilities for review by the Head of Internal Audit
- Perform regular testing of IT applications, infrastructure, and data privacy controls (e.g., access management, encryption), identifying critical gaps during testing cycles.
- Collaborate with business units to integrate efficiency improvements into IT systems, achieving a measurable reduction in process downtime or errors.
- Identify and document process gaps or control weaknesses across IT and business operations.
- Monitor and report changes in IT risk profiles, contributing to GRC policy updates and ensuring an up-to-date risk and compliance register quarterly.
- Conduct special reviews, spot checks, or investigations as assigned.
- Provide and seek constructive feedback during audits, achieving satisfaction rating in team and stakeholder feedback surveys.
- Follow up with responsible teams to implement the recommendations of internal auditors, consultants, and security analyses.
- Participate in IT projects and product development with the aim of identifying risks and recommending appropriate controls.
- Assess GRC frameworks, including IT governance policies, risk management processes, and compliance controls, identifying gaps and ensuring alignment with industry standards and regulations.
- Maintain a deep understanding of CapitalSage Holdings’ IT policies, data privacy protocols, and organizational culture, proactively identifying risks that could impact strategic objectives (e.g., zero undetected high-risk issues).
- Apply an understanding of secure software development lifecycle (SDLC) methodologies and of conducting social engineering assessments and phishing simulations.
- Assist in the promotion of an Internal Audit service that aims to meet/exceed stakeholder expectations.
- Participate in process improvement/redesign and system upgrade/implementation efforts to ensure relevant requirements are considered and built into new systems and processes.
- Provide advisory services to the Risk Management & Compliance functions on risk management and compliance improvement opportunities across business operations.
- Ensure prompt reporting of risk positions to the Head IT Audit.
- Interpret and analyze reports/data/information to identify possible risk exposure.
Requirements
- Possess 5 to 10 years of progressive experience in IT audit, risk management, cybersecurity and compliance roles.
- Minimum of a University degree.
- Experience in an audit and accounting firm.
- Experience in the manufacturing and/or financial services industry.
- Experience auditing systems, applications and Information Technology controls.
- Possession of at least one of the following professional qualifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Data Privacy Solutions Engineer (CDPSE).