Internal Auditor - Information and Communication Technology (ICT) at CIC Insurance

PURPOSE:

The bearer of the role is responsible for the execution of audits/assessments of IT processes against leading practices, frameworks and common standards (e.g. CoBIT, ITIL, HIPAA, ISO 27001/02).

S/He is expected to participate in the preparation and implementation of annual ICT work plans and budgets.

PRIMARY RESPONSIBILITIES:

• Participate in IT Assurance/Audits – including the execution of evaluation and design of IT controls (e.g. application & general controls) by carrying out independent tests and assessments of compliance with the policies, procedures and regulations as per the approved annual work plans plus audit tasks assigned to other areas;
• Assist in monitoring ICT infrastructure and identifying areas of internal control weaknesses and non-compliance within procedures and provide sound and practical recommendations to management;
• Provide value adding recommendations and supporting in the creation of policies and the automation of procedures and processes to ensure an appropriate level of internal controls, standards to efficiency and compliance is maintained;
• Performing risk assessments and proactively identifying risks on all new and existing ICT systems to improve internal controls and operational effectiveness and efficiency;
• Assist in carrying out technical audit of projects, and projects’ readiness controls and practices;
• Prepare ICT internal audit reports – presenting clear, concise and timely internal audit working papers;
• Review implementation of previous audit findings and ensuring deliverables are on time and up to the expected standards;
• Contribute to developing and maintaining productive working relationships with the business; and
• Work effectively as a team member: providing support, maintaining communication and updating senior team members and management on progress.

Academic Qualifications

• Bachelor’s degree in Information Systems, Information Technology or Computer Science with strong quantitative focus

Professional Qualifications

• Professional certification: Certified Information Systems Auditor (CISA).
• (Certified Information Security Manager (CISM), ISO 27001 Information Security Management System and Certified Internal Auditor (CIA) are added advantages)
• Be a member in good standing of Information Systems Audit and Control Association (ISACA) or other related professional body.
• Good understanding of guidelines and standards as prescribed in IIA-IPPF, ISACA ITAF.
• Good working knowledge of Computer Assisted Audit Techniques (CAATs) and data analytics tools.

Experience

• Minimum of six (6) years of experience in information systems audit/security and/or data analytics related area for IT Auditors; and
• Background in IT operations preferred, with demonstrable business concepts, distributed networks, excellent scripting abilities, database design and management experience required.

Skills and Attributes

• Knowledge of current technological developments/trends in area of expertise and knowledge of software requirements for audit of systems procedures
• Ability to work independently with minimum supervision
• Excellent communication skills – written, oral, presentation, report writing
• Strong decision making skills
• Critical thinking
• Ability to maintain highest levels of integrity and objectivity
• Confidentiality
• Willingness to learn and continuously expand technical and business skills in all areas
• Flexibility in mobility