Job Description

Job Purpose description:

To lead and review the audit process for Information and Cyber Security across the group in line with the Group Internal Audit strategy to provide independent and objective assurance and advice within a segment or area of expertise to ensure sustainable client-centric management of risk across company.

Strategy

• Contribute to the development and implementation of GIA's strategy and operating model by applying insights from the company strategy and operating model, business unit strategy and operating model, products, services, client-base and competitive environment, industry and wider developments, regulatory environment, business developments and changes, operations, risk management practices and global assurance practices.
• Contribute to the development of clear and measurable GIA objectives. Implement the objectives across the team and individual team members and track individual and team performance.
• Assess, determine, develop and implement the capabilities required for the audit portfolio to achieve its objectives, including upskilling and tooling for audit of Information and Cyber Security across the Group.
• Build and maintain effective relationships with senior management across business, functional and risk management areas to enable GIA's strategy and achievement of objectives.
• Partner relevant stakeholders across the audit portfolio to share and leverage risk management practices, tools and capabilities, and drive an aligned and integrated approach to assurance and risk management across the Group.
• Assess and influence risk culture across company, through stakeholder engagement, contribution to governance forums, including the audit committee, and holding relevant stakeholders to account to drive the right risk culture.

Client

• Assess, identify and report on practices in the audit portfolio which negatively impact client experience and raise recommendations to improve client experience.
• Licence to Operate
• Understand and manage adherence to legislative and regulatory requirements on internal audit for the audit portfolio, incorporating all relevant jurisdictional requirements.
• Understand and influence coverage over legislative and regulatory requirements for cyber and information security across the Group.
• Understand and manage adherence across the audit team to applicable internal policies, processes and procedures.
• Contribute to the development of and manage adherence to GIA methodology, policies and processes. Monitor developments in regulatory requirements, professional practices and industry standards to ensure requirements, practices and standards are addressed. Ensure the methodology, practices and processes address GIA's mandate and enable highly effective outcomes and efficient practices.

Risk, Regulatory, Prudential & Compliance

• Manage the development and maintenance of a risk assessment on all areas of risk origination and risk management within the audit portfolio, covering all the risk types to inform audit planning and reporting.
• Maintain oversight and influence appropriateness of risk assessments performed across the Group in relation to Cyber and Information Security.
• Lead and manage the development and maintenance of a risk-based, resourced, and relevant assurance plan for the audit portfolio and influence appropriate coverage across the group.
• Communicate to relevant audit portfolio stakeholders and governance committees, obtain approval from relevant legal entity committees, and feed into the GIA assurance plan for Audit Committee approval.

Technology & Architecture

• Contribute to GIA's technology strategy and implementation.
• Apply insights on practical audit needs, and from leading technology developments in wider fields, in financial services, within company and in risk and assurance practices.
• Financial Management
• Drive and enable productive use of all resources.
• Manage projects and resources effectively delivering projects within approved resource hours and timelines.
• People
• Implement the people plan for the portfolio to attract, retain, develop, manage and lead people capable of delivering GIA's objectives.
• Monitor the effectiveness of the plan and provide regular feedback to inform further development and improvements to the plan.
• Data
• Contribute to the development of GIA's data strategy.
• Implement the strategy across the portfolio.

Qualifications

• Post Graduate Degree (NQF 8/9)
• CISA
• CISM (Preferred)
• CISSP (Preferred)
• Cloud Security certifications (AWS/Azure) (Preferred)

Experience Required:

• More than 10 years of experience in Internal Audit, with proven experience in IT Security and audit project management.
• Experience in building partnerships and engaging with multiple stakeholders at senior levels across the ecosystem.
• Experience in understanding and evaluating security controls across various technology platforms.
• Experience in leading large teams;
• Change management experience.
• Total number of years experience: 12 years

Behavioural Competencies:

• Making Decisions
• Upholding Standards
• Developing Strategies
• Team Working
• Empowering Individuals
• Interpreting Data
• Developing Expertise
• Directing People
• Providing Insights
• Challenging Ideas
• Valuing Individuals
• Convincing People

Technical Competencies:

• IA Data Analysis
• Internal Auditing
• Maintain IA Professional Practices
• IA Technology Application
• Management of Audit Function
• Business Acumen (Audit)
• Promote Good Governance, Risk & Control
• Operational Planning
• Leadership Competencies