Senior IT Auditor

Conduct scheduled, ad-hoc, and focused IT and data privacy audits across all company locations in accordance with Internal Auditing Standards (IIA). Perform review of penetration testing, vulnerability scanning and security audits to uncover potential threats. Prepare audit working papers and audit files to quality standards within agreed timescales and deadlines Draft clear, data-driven audit reports and recommendations on vulnerabilities for review by the Head of Internal Audit Perform regular testing of IT applications, infrastructure, and data privacy controls (e.g. access management, encryption etc), identifying critical gaps during testing cycles. Collaborate with business units to integrate efficiency improvements into IT systems, achieving a measurable reduction in process downtime or errors. Identify and document process gaps or control weakness across IT and business operations. Monitor and report changes in IT risk profiles, contributing to GRC policy updates and ensuring up-to-date risk and compliance register quarterly. Conduct special reviews, spot checks, or investigations as assigned. Provide and seek constructive feedback during audits, achieving satisfaction rating in team and stakeholder feedback surveys. Follow-up responsible teams to implement the recommendations of internal auditors, consultants, and security analysis. Participate in IT projects and product development with the aim of identifying risks and recommending appropriate controls. Assess GRC frameworks, including IT governance policies, risk management processes, and compliance controls, identifying gaps and ensuring alignment with industry standards and regulations. Quality Management and Improvement Maintain a deep understanding of CapitalSage Holdings’ IT policies, data privacy protocols, and organizational culture, proactively identifying risks that could impact strategic objectives (e.g., zero undetected high-risk issues). Understanding of secure software development lifecycle (SDLC) methodologies and conducting social engineering assessments and phishing simulations. Assist in the promotion of an Internal Audit service that aims to meet/exceed stakeholder expectations Participate in process improvement/redesign and system upgrade/implementation efforts to ensure relevant requirements are considered and built into new systems and processes Provide advisory services to the Risk management & Compliance functions on risk management and compliance improvement opportunities across business operations Ensure prompt reporting of risk positions to the Head IT Audit Interpret and analyze reports/data/information to identify possible risk exposure Requirements Requirements Possess 5 to 10 years progressive experience in IT audit, risk management, cybersecurity and compliance roles Minimum of a University degree Experience in an Audit and Accounting firm. Experience in the manufacturing and/or financial services industry. Experience auditing systems, applications and Information Technology control. Possession of a minimum of one of the under-listed professional qualifications, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Data Privacy Solutions Engineer (CDPSE).