Job Listing

Purpose of the Job

The IS Auditor will identify control weaknesses, evaluate risks, and recommend practical solutions to enhance the security posture and operational efficiency of ZINARA's information systems.

Responsibilities

1. Assist in developing comprehensive audit plans and programs for information systems, applications, infrastructure, and processes
2. Identify key risks and control objectives related to IT operations
3. Coordinate with IT management and other stakeholders to understand system landscapes and business processes
4. Conduct thorough reviews of IT general controls (e.g., access management, change management, backup and recovery, patch management, incident management)
5. Assess the effectiveness of application controls (e.g., input, processing, output controls)
6. Evaluate compliance with internal policies, industry standards (e.g., ISO 27001, NIST, COBIT), and regulatory requirements e.g
7. Cyber and Data Protection Act
8. Perform data analysis and utilize audit tools to identify anomalies, trends, and control deficiencies
9. Document audit findings, working papers, and evidence clearly and concisely
10. Prepare clear, concise, and well-supported audit reports detailing findings, risks, and recommendations to the Senior IT auditor for review
11. Clearly present draft audit results to IT management and relevant stakeholders, fostering constructive dialogue
12. Assist Senior IT Auditor with tracking and follow up on the implementation of audit recommendations to ensure timely remediation
13. Contribute to the IT risk assessment process, identifying emerging threats and vulnerabilities
14. Provide advisory support on IT control design and implementation for new systems and initiatives
15. Stay abreast of industry best practices, new technologies, and regulatory changes in information security and IT auditing
16. Participate in the development and refinement of audit methodologies, tools, and processes
17. Foster a culture of continuous improvement in IT controls and security.

Qualifications

• 5 O’ Levels including English and Maths /Accounts
• 2 A’ Levels or Equivalent
• Bachelor's degree in Information Technology, Computer Science, or a related field
• Certified Information Systems Auditor (CISA) - Highly preferred.

Experience

• 2-3 years experience in IT audit, information security, or technology risk advisory services
• Experience with internal controls, risk management frameworks, and compliance standards (e.g
• NIST, COBIT, ITIL)
• Strong understanding of information systems, networks, databases, operating systems, and cloud environments
• Proficiency in performing risk assessments and evaluating control effectiveness
• Excellent analytical, problem-solving, and critical thinking skills
• Exceptional written and verbal communication skills, with the ability to articulate complex technical issues to non-technical audiences
• Ability to work independently and as part of a team, managing multiple priorities and deadlines
• High level of integrity and professional ethics
• Proficiency in using audit management software and data analytics tools (e.g., ACL, Tableau, SQL) is a plus
• Knowledge of cybersecurity frameworks and penetration testing methodologies
• Experience with agile methodologies and auditing agile development processes
• Familiarity with GRC (Governance, Risk, and Compliance) platforms.

Competences

None