Senior Auditor: Cyber Security

The Road Accident Fund’s mission is to provide appropriate cover to all road users within the borders of South Africa; to rehabilitate and compensate persons injured as a result of motor vehicle accidents in a timely and caring manner; and to actively promote safe use of our roads.

Purpose of the Job: Reporting to the Manager: IT Audit, the successful incumbent is responsible for conducting IT audits with a specific focus on Cyber Security as per the audit plan and supervise junior staff.

Key Performance Areas

Plan the Implementation of Cyber Security IT Audits

• Plan and conduct Cyber Security IT audits as per the approved Internal Audit Methodology.
• Conduct preliminary survey to understand the area to be audited.
• Arrange meetings with the auditee and discuss areas of concern.
• Draft the audit planning memorandum and discuss it with the auditee before submitting it for approval.
• Discuss the planning documents with the auditee after the opening meeting for confirmation of changes that need to be effected.
• Formulate the audit program based on the outcome of the preliminary survey using appropriate audit methodologies.
• Address and respond to reviews on all planning documents from the IT Audit Manager.
• Obtain approval of the audit program as well as all other planning documents (mentioned above) from the IT Audit Manager.

Supervise the Audit Process

• Provide regular team progress to the IT Audit Manager.
• Conduct and supervise the audit as per the RACM.
• Review working papers for completeness and accuracy before submission to the IT Audit Manager.
• Review preliminary survey work performed by auditors.
• Review the system descriptions and risk and control gap analysis performed by the internal auditors.
• Schedule progress meetings with the auditee and discuss factual correctness of potential findings.
• Refer to management any issues that require immediate action.

Policy Review and Implementation

• Contribute to the development and implementation of departmental policy, procedures and processes.
• Keep up to date with effective policy and practice execution strategies.

Reporting

• Prepare and submit draft audit report with findings addressing audit objectives and scope to the IT Audit Manager.
• Address review notes from the IT Audit Manager and capture close-out meeting minutes.
• Provide assurance and recommend controls to business units in accordance with the relevant laws and regulations and National Treasury frameworks.

Stakeholder Management

• Facilitate and manage communication with relevant internal and external stakeholders and proactively and progressively manage the relationships.
• Communicate with all levels of stakeholder contact.

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in Auditing/ Computer Auditing/ Information Technology related qualification.
• Registered with the Institute of Internal Auditors and/or ISACA.
• CISA certification.
• CISSP/ CRISC/ CISM/ CGEIT will be an added advantage.
• Relevant 5 - 7 years’ experience in an IT auditing environment with specific experience in Cyber Security with a focus on technical applications and knowledge.
• Experience in the completion of SAP Basis, General Controls Reviews (GCR’s) as well as Application Controls Reviews (ACR’s), SDLC and Cyber Security Reviews.

NB: “RAF offers Total Employment Cost packages with no additional contributions from the Employer, successful candidates are required to structure their packages in a manner that will suit their needs”.

The Road Accident Fund subscribes to the principles of employment equity and preference will be given to People with Disabilities.

Applicants who have not received any correspondence from us within six weeks from the closing date can consider themselves unsuccessful

Security Vetting shall be conducted on all prospective employees

It is the applicants’ responsibility to have foreign qualification evaluated by the South African Qualification Authority (SAQA) and to provide proof of such evaluation.