Senior System Internal Auditor at GSM Group

Assess and evaluate the adequacy and effectiveness of internal controls, including general and application controls for IT systems.

• Perform reviews of system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
• Ensure compliance with legal, regulatory, and internal policy requirements.
• Execute audit activities in line with the audit plan approved by the board audit committee.
• Lead audit entrance meetings to define objectives, scope, timelines, and required information, incorporating auditee concerns.
• Prepare audit discussion memos (ADM) with confirmed observations, root cause analysis, risk assessment, and recommendations, submitting them for supervisory review.
• Conduct closure meetings to finalize reports with auditee input and ensure action plans address identified gaps.
• Develop final reports for Chief Internal Audit review and circulation to management.
• Optimize the use of internal audit tools and systems to enhance efficiency.
• Foster collaboration by maintaining effective communication within the internal audit function and with other departments.
• Provide guidance and mentorship to colleagues and junior staff.
• Drive remediation of risk management exceptions and promote a strong risk management culture.
• Develop and execute risk-based audit plans with a focus on IT risks, cybersecurity, and emerging threats.
• Assess cybersecurity frameworks, data privacy controls, and IT governance mechanisms to ensure compliance with best practices.
• Identify and mitigate fraud risks in IT systems, including audits for irregularities, unauthorized access, or data breaches.
• Provide advisory support on IT governance, regulatory compliance, and industry standards to enhance system controls.
• Implement and optimize continuous auditing and data analytics for real-time risk monitoring.
• Evaluate IT risks associated with third-party vendors, outsourced services, and cloud computing solutions.
• Review incident response, business continuity, and disaster recovery strategies to ensure resilience against cyber threats.
• Assess risks associated with emerging technologies to ensure secure adoption and implementation.
• Collaborate with IT, compliance, and risk management teams to strengthen IT controls and governance frameworks.
• Conduct training and awareness programs on IT risk management, cybersecurity, and system security best practices.

Qualifications & Skills

• Bachelor’s degree in information technology, computer science, or a related field.
• Professional Certifications: Certified Information Systems Auditor (CISA)—highly desirable; Certified Information Security Manager (CISM); Certified Internal Auditor (CIA).
• Minimum of 5 years’ experience in IT auditing, risk management, cybersecurity, or internal controls.
• Experience in auditing ERP systems, database security, and IT infrastructure.