IT Auditor at Sahara Group

Purpose Statement

• The role of an IT Auditor is responsible for analyzing and assessing Sahara Group’s technological infrastructure to ensure processes and systems run accurately and efficiently, while remaining secure and meeting compliance regulations.
• The role manages activities involve leading/conducting projects in the IT audits, compliance audits, investigations and advisory on the IT domain.

Key Deliverables:

• Identify and evaluate the company’s audit risk areas relating to Information Technology through a risk-based IT audit methodology
• Perform specialized IT audits/reviews and ensure the adequacy of audit scope, the adequacy of testing performed, and the accuracy of conclusions reached;
• Plan the resources and requirements for different IT audit assignments, business applications review and other audit tasks.
• Prepare/develop IT audit programs with appropriate testing mechanisms, execute the programs, recognize IT control weaknesses, assess the materiality of these weaknesses, and relate them back to the scope and objectives of the audit;
• Communicate the results, findings, and recommendations of IT audit projects via written reports and face-to-face presentations on a timely basis;
• Follow up on the implementation of IT audit recommendations in a timely manner;
• Administer and support the Audit Management Software and Audit Tools (e.g. ACL) to facilitate Internal Audit Activities
• Assess information technology control elements to mitigate IT risks regarding the confidentiality, integrity, and availability of business information in compliance with security best practices (such as ISO 27000);
• Interact with staff, section heads, and managers and when necessary with management in order to obtain and/or communicate relevant information to achieve the objective/s of the IT audit;
• Maintain all organizational and professional ethical standards and ensure IT audit activities are carried out in compliance with applicable standards including International Standards for the Professional Practice of Internal Auditing, IIA Code of Ethics, and ISACA (Information Systems Audit and Control Association) Information System standards and guidelines;
• Plan and execute audits of IT platforms/infrastructure (e.g. operating system, database management system, and business applications) and evaluate IT security controls.
• Support the business/process owners in the identification and assessment of IT-related inherent and residual risks and ensure documentation of such risks in the company’s risk register.
• Lead consulting engagements related to Information and network security, IS governance, Business continuity and disaster recovery based on best practices of each area (ISO 27000, ISO 20000, ITIL and COBIT framework) if required to do so.
• Review of Technology related policies and procedures and any IT operations of the Company for submission to the Head, Internal Audit before being raised for management/board approval.
• Conduct or lead the Internal Audit team in performing IT-related investigations or any special audit assignments relating to the domain of IT and other business applications;
• Carry out any other duties as requested by the Head, Internal Audit.

Minimum Qualification/Experience

• Relevant University Degree in related field.
• Minimum of 5 years of cognate experience in IT Audit in the Energy sector
• Professional certification in information system auditing (i.e., CISA/CISSP) and accountancy certifications (such as ACA, ACCA, CIA etc.) is preferred.
• Experiential knowledge of ACL to perform data analysis and investigations will be an added advantage.
• Communication: Actively work to achieve clear and transparent communication with colleagues and with stakeholders of the Organization
• Collaboration: Works effectively with others on common goals and fosters a positive, trust-based working environment
• Planning: Works towards the achievement of goals in a structured and measured manner
• Analysis and decision-making: Analyses available information, draws well-founded conclusions and takes appropriate decisions
• Initiative-taking: Proposes and initiates new ideas, activities and projects
• Exceptional ability to work independently as well as with all levels of management and staff.
• Ability to handle multiple tasks requiring a high degree of attention to detail with changing levels of priority.

Working Relationship:

• Executive Directors
• Managing Directors within the Group
• All Staff
• Finance department
• IT department