Information Systems Auditor

Desired Skills and Experience

• Education: A Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or a closely related discipline is required.
  
• Professional Certification: Certification is essential. The Certified Information Systems Auditor (CISA) is highly preferred. Additional certifications such as CISSP, CRISC, COBIT, or CIA are a distinct advantage.
  
• Experience: 1–2 years of experience in IT Audit, IT Risk, or Technology Assurance is required. Experience auditing ERP, CRM, or multi-tenant platforms is considered a strong advantage.
  

Technology Risk & Control Assurance

• Evaluate technology risks associated with strategic business initiatives and propose suitable mitigation strategies.
  
• Execute risk-based audits encompassing: Application controls,Information security controls,Change management processes,Incident management processes,IT operations and service quality,Data protection standards and Logging and monitoring mechanisms
  
• Conduct audits of transaction systems to assess the sufficiency of both automated and manual controls.
  

Audit Planning & Execution

• Contribute to the development and delivery of the annual Technology audit coverage.
  
• Ensure audit objectives, scope, procedures, and results are properly documented in alignment with internal audit methodology and technology strategy.
  
• Maintain high-quality audit working papers in accordance with internal policies and professional audit standards.
  

Reporting and Stakeholder Engagement

• Engage in constructive discourse with key stakeholders and management regarding audit observations.
  
• Formulate comprehensive, risk-rated audit reports delineating control deficiencies, underlying causes, systemic thematic issues, and identification of emerging trends.
  
• Monitor the timely remediation of identified audit findings and proactively collaborate with stakeholders to ensure adherence to agreed-upon deadlines, thereby preventing overdue corrective actions.
  
• Offer strategic insights about industry best practices and the evolving landscape of technology risks.
  

Continuous Risk Assessment & Advisory

• Execute ongoing information systems risk assessments.
  
• Serve as a subject matter expert concerning information system controls and prospective technologies.
  
• Build trusted professional relationships across the Technology, Risk, and Internal Control functions while upholding the independence of the auditing role.
  
• Provide control design input to support strategic initiatives without compromising objectivity.