Requirement Overview
Implement audit initiatives to promote the secure, effective and efficient implementation of IT architectures and services within the government sector.
To be a highly knowledgeable subject matter expert in the evaluation of the design and effectiveness of information systems controls and processes. Further, to develop and implement the IT audit plan to review technical system controls, identify deficiencies, communicate control and compliance risks, advise leadership on status of technology-related controls and compliance concerns within the government sector, and provide meaningful and effective recommendations.
Conduct specialised security reviews independently or in support of the allocated teams within the Business Unit in accordance with ISA standards and AGSA policies and procedures.
Roles & Responsibilities
Manage strategic alignment
- Assist with the development and implementation of an IT effectiveness audit strategy in accordance with policies, procedures and legislation.
- Assist with the alignment of the IT Effectiveness strategy to the strategic objectives of the business unit.
- Manage teams to ensure alignment to the vision, mission, strategic goals and values of the AGSA.
- Provide feedback on the implementation/ achievement of strategic objectives to the relevant stakeholders.
Manage audits
- Manage Network Security audits within the allocated time frame.
- Manage Network Security audits in accordance with policies, procedures and legislation requirements.
- Lead, direct and coordinate the portfolio of Network Security audits covering the three audit phases:
-Planning
-Execution
-Reporting
- Liaise with auditees on the provision of advice/ recommendations, setting up meetings, etc.
- Initiate and lead meetings with the audit team regarding the direction and progress of the audits.
- Provide guidance to managers and assistance on audit-related matters.
- Ensure that all risks for the specific audit engagements are addressed. For example:
-Appointment of specialist staff
-Contract in and out
- Conduct audit team visits to:
-Review Work
-Finalise the Audit
-Conclude Working Papers
-Prepare Audit Report
-Attend meetings with the team and auditees.
- Provide motivational talks and training to team members regarding auditing matters.
- Facilitate the transfer of specialised skills for Network Security audits to the IT General Controls teams within the business unit.
- Engage with contracted-out partners.
- Manage all projects to ensure timeous delivery on milestones and the required quality of delivery.
- Perform functions as required by an engagement manager in accordance with the policies of ISA and the AGSA.
- Prepare and take responsibility for presentations.
- Report back to the audit steering committees and audit committees on the planning, execution and reporting of the audits.
Manage Human Resources
- Analyse the business plan to determine the applicable deliverables and targets
- Participate in securing the human resource requirements to ensure that deliverables will be met in accordance with the expected targets
- Manage staff performance to implement a culture of performance management:
- Compile IPCs and PDPs
- Conduct coaching sessions to ensure subordinates perform at the optimum level
- Provide constant feedback to subordinates
- Provide mentorship to subordinates
- Conduct performance reviews in accordance with policies and procedures and take corrective action where necessary
- Manage the development of staff and ensure each staff member has a Personal Development Plan
- Create a conducive environment to maintain and enhance employee motivation
- Participate in transformational initiatives inclusive of change, organisational culture, CSI, diversity, etc
- Continually improve own competence through personal development as per PDF and commitment:
- Participate in learning and development programmes
- Participate in programmes for purposes of Continuous Professional Development (CPD)
- Manage Human Resources in accordance with policies, procedures and legal requirements
- Complete Human Resource Management actions within the allocated time frames
Financial Management
- Ensure the delivery of high-quality, accurate and cost-effective audits through effective planning and resource management.
- Assist with negotiating budgets with regularity audit and ensure that RFAs are signed and submitted on time
- Ensure effective and efficient management of projects in terms of time, cost and quality
- Review and approve timesheets, S&T and advances in line with the allocated budget
- Monitor staff leave, training, non-recoverable activities and recoverability reports to ensure achievement of annual recoverability targets.
- Provide input on the centre income budget
- Assist with the review of CWC invoices before submission for approval
IT effectiveness
- Assist in maintaining industry, information technology and audit knowledge, skills and abilities relating to cyber security, cloud computing, enterprise mobility operating systems, network environments, applications and database management systems, programming languages, LAN / WAN communication concepts, and system development processes.
- Monitor trends within the information technology and government sectors to identify emerging areas of risk facing government.
- Assist with the coordination of the portfolio of IT effectiveness audits covering:
-Value-for-money IT audits
-Effective and efficient deployment of IT infrastructure and services
-Compliance with ECT and PoPI (Protection of Personal Information) Act
Skills, Experience & Education
Qualification
- B Degree in Auditing, Computer Science or Informatics
The following will be an added advantage:
- Certified Information Systems Auditor (CISA) or
- Certified Ethical Hacker (CEH) or equivalent
Knowledge
- Knowledge of Auditing
- Knowledge and understanding of the principles of finance and the components involved in finance; must be able to apply PFMA and MFMA principles and adhere to due dates
- In-depth knowledge and skills in Informatics
- In-depth knowledge and skills in assessing/ auditing the security on a networked environment, i.e.:
-Knowledge/ skills in assessing the management and technical configuration of various types of firewalls.
-Knowledge of various types of vulnerability detection tools, how to use them to enumerate vulnerabilities, and how to interpret outputs using the respective tool.
-Knowledge/ skills in assessing the security and configuration of various operating system and database types.
Experience
- Minimum 5 years IS auditing
- Minimum 2-3 years managerial experience
- Extensive experience in vulnerability assessments and penetration testing.
- Candidates with experience managing / conducting purple team exercises will be preferred.
Closing Statement:
The AGSA is not responsible for the verification of data provided and shall not be liable for any errors, factual, transcription or otherwise, contained in the information posted. Therefore, ensure that your online application and CV are correct, accurate and up to date. To successfully upload documents on the career site, ensure that the document name does not contain any special characters. This appointment is subject to the preferred candidate obtaining the necessary security clearance, reference checking and competency assessment. We embrace and are committed to achieving employment equity within the organisation. The Auditor General welcomes applications from all persons with disabilities.
NB: Please note that only shortlisted candidates will be contacted. Should you not hear from us within four weeks, kindly consider your application unsuccessful.