JHB - Northern Suburbs, Gauteng, South Africa
8 days ago
Head of Internal Audit (Information and Cyber Security)
In order to be considered the following is required:
- Post Graduate Degree: IT | Information Systems | Information Security
- Relevant professional membership will be required based on specialty
- CISA
- CISM (Preferred)
- CISSP (Preferred)
- Cloud Security certifications (AWS | Azure) (Preferred)
- More than 10 years proven experience in IT Security and audit project management
- Experience in building partnerships and engaging with multiple stakeholders at senior levels across the ecosystem
- Experience in understanding and evaluating security controls across various technology platforms
- Experience in leading large teams and change management experience

Key Responsibilities:
Strategy:
- Contribute to the development and implementation of group internal audit's strategy and operating model by applying insights from the strategy and operating model, business unit strategy and operating model, products, services, client-base and competitive environment, industry and wider developments, regulatory environment, business developments and changes, operations, risk management practices and global assurance practices
- Contribute to the development of clear and measurable group internal audit objectives
- Implement the objectives across the team and individual team members and track individual and team performance
- Assess, determine, develop and implement the capabilities required for the audit portfolio to achieve its objectives, including upskilling and tooling for audit of Information and cyber security across the group
- Build and maintain effective relationships with senior management across business, functional and risk management areas to enable group internal audit's strategy and achievement of objectives
- Partner relevant stakeholders across the audit portfolio to share and leverage risk management practices, tools and capabilities and drive an aligned and integrated approach to assurance and risk management across the group
- Assess and influence risk culture across through stakeholder engagement, contribution to governance forums, including the audit committee and holding relevant stakeholders to account to drive the right risk culture

Client:
- Assess, identify and report on practices in the audit portfolio which negatively impact client experience and raise recommendations to improve client experience

Licence to Operate:
- Understand and manage adherence to legislative and regulatory requirements on internal audit for the audit portfolio, incorporating all relevant jurisdictional requirements
- Understand and influence coverage over legislative and regulatory requirements for cyber and information security across the group
- Understand and manage adherence across the audit team to applicable internal policies, processes and procedures
- Contribute to the development of and manage adherence to group internal audit methodology, policies and processes
- Monitor developments in regulatory requirements, professional practices and industry standards to ensure requirements, practices and standards are addressed
- Ensure the methodology, practices and processes address group internal audit’s mandate and enable highly effective outcomes and efficient practices

Risk, Regulatory, Prudential & Compliance:
- Manage the development and maintenance of a risk assessment on all areas of risk origination and risk management within the audit portfolio, covering all the risk types to inform audit planning and reporting.
- Maintain oversight and influence appropriateness of risk assessments performed across the group in relation to cyber and information security
- Lead and manage the development and maintenance of a risk-based, resourced and relevant assurance plan for the audit portfolio and influence appropriate coverage across the group
- Communicate to relevant audit portfolio stakeholders and governance committees, obtain approval from relevant legal entity committees and feed into the group internal audit assurance plan for audit committee approval
- Lead and enable the development of a risk-based audit project scope
- Drive the process to ensure all relevant group internal audits’ technical and experienced input is obtained
- Contribute through strategic insights and approve the scope and obtain other required group internal audit approvals
- Enable the communication of the scope to auditees for the area under review
- Enable the completion of audit fieldwork
- Contribute with strategic and portfolio wide insights and drive accurate, risk-based, audit outcomes which lead to effective, efficient, sustainable and client centric management of risk
- Lead discussion of potential outcomes with relevant senior portfolio stakeholders
- Enable the completion of audit project reporting
- Contribute with strategic and portfolio wide insights and drive accurate, risk-based, audit outcomes which lead to effective, efficient, sustainable and client centric management of risk
- Engage all relevant group internal audit specialists to obtain input and agreement of the audit report
- Review and approve the audit report and communicate and obtain required review and approvals within group internal audit
- Lead discussion of the audit outcomes with relevant senior portfolio stakeholders
- Enable and drive audit project closure within agreed timelines
- Review and approve audit closure in accordance with group internal audit methodology
- Enable and manage audit finding management for the portfolio
- Monitor and analyze finding status data and report data and insights to relevant portfolio stakeholders and governance committees
- Approve or reject finding closures and assess extension requests for approval or rejection
- Report into portfolio governance committees providing collective audit outcomes and opinions, audit metrics, risk assessments, risk themes, risk insights and risk foresights on the portfolio
- Engage across group internal audit to draw insights from other areas impacting the portfolio

Technology & Architecture:
- Contribute to group internal audit's technology strategy and implementation
- Apply insights on practical audit needs, and from leading technology developments in wider fields, in financial services, within the bank and in risk and assurance practices

Financial Management:
- Drive and enable productive use of all resources
- Manage projects and resources effectively delivering projects within approved resource hours and timelines

People:
- Implement the people plan for the portfolio to attract, retain, develop, manage and lead people capable of delivering group internal audit’s objectives
- Monitor the effectiveness of the plan and provide regular feedback to inform further development and improvements to the plan
- Identify and develop areas for personal growth, considering skill, behavioural and leadership development, through interventions, on-the-job learning or coaching

Data:
- Contribute to the development of group internal audit's data strategy.
- Implement the strategy across the portfolio.
- Drive training and awareness on the use of data and implement use cases across the portfolio to enable automated assurance
- Drive and manage compliance with group internal audit data management standards across the portfolio, incorporating data security and data integrity controls
- Drive and manage the effective use of group internal audit data for reporting to progressively develop group internal audit's impact on the risk and control environment

If you would like to email your CV directly – please send it to [email protected]
 
Information displayed above not limited to advertisement.
 
Please consider your application as unsuccessful if you have not received a response within 14 days of submitting your application. However, please keep a lookout on our website, www.bedifferent.co.za, for available positions which you may be suited for.