Provide Business and IT management with guidance on IT risk management matters, particularly on application and infrastructure security.
Responsible for developing and maintaining the IT Risk Assessment at the Group Level under the oversight of the Group Director; including identifying areas where business units should consider additional investment and areas internal audit should focus.
Conduct audits or lead audit teams in the performance of IT audits and reviews of systems, applications, and IT processes. Prepare and report results to executives and Audit Committees.
Perform pre and post-implementation reviews of system implementations or enhancements.
IT security audits (e.g. network, operating system, and data center), including evaluating if security vulnerabilities are properly identified and mitigated. Coordinate the scope and performance of these reviews with business units and external security experts.
Evaluate information general computing controls and provide value-added feedback. Test compliance with those controls. Coordinate with Sox teams as applicable.
Perform various other reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery, and information security to ensure that controls surrounding these processes are adequate.
Develop, build & implement tools to analyze data to improve audit efficiency and effectiveness, (including for risk assessments). Ultimately be a source for analytics that business units adopt to provide business insights or for continuous auditing.
Conduct audits or lead audit teams in operational/financial audits
Desired Candidate Profile
Must have experience working for Retail, Wholesale, Supermarket, or Commercial Industry
Recognized accounting/auditing/information system certifications (e.g. CPA, CISA, CIA,CISSP)
Candidate should not be working in Audit Firm (Currently)