Information System Audit Manager

Job Objective

The MANAGER, INFORMATION SYSTEMS AUDIT effectively directs, leads and manages the information systems and technology-related audits of the Food Group including its operations and/or governance; provides reasonable assurance on the effectiveness and efficiency of controls, governance and risk management processes of business units, subsidiaries and affiliates applying applicable industry standards; and partners with the various Strategic Business Units (SBU) in enhancing/improving current business performance and future competitiveness. 

The Manager, Information Systems Audit will play a crucial role in promoting a culture of strong IT governance, risk management, and compliance, contributing to the organization's overall success and operational excellence.  As such, the position will be responsible for preparing and implementing a risk-based IT audit plan and process improvement plan to assess, report on, and make suggestions for improving the company’s IT related operational activities. 

Key Duties and Responsibilities

Audit/Risk-Management/Compliance 

Audit Planning: Develop and execute a risk-based annual internal audit plan, considering key control areas, regulatory requirements, and industry best practices.

IT Audit Engagement: 

• Lead the delivery of complex technology, application, infrastructure, and security audits, project / program audits and integrated audits and assess compliance with company policies, procedures, relevant regulations, and industry standards. Typical audit topics are wide ranging and may include Cloud, AI, IT governance and cybersecurity amongst others.
• Responsible for all aspects of the audit delivery including determining the risk-based audit scope and objectives, designing the approach/work program, planning and managing the audit delivery, conducting fieldwork activities and testing, proactive discussions with business and IT management to validate audit observations, communicate observations, finalize and issue audit reports.
• Monitor and report the implementation of audit recommendations and track progress to ensure timely resolution of identified issues.

Risk Management: 

• Perform detailed testing, documentation, and analysis of processes, transactions, and systems to identify control deficiencies, process gaps, and potential risks.

Reporting and Communication:

• Prepare clear and concise audit reports, highlighting observations, recommendations, and management responses, for presentation to senior management and the Audit Committee

• Presents audit results to management, highlighting areas of concern and improvement opportunities.

• Facilitates effective communication and collaboration with key stakeholders.

Business Process Improvement

• Evaluate the adequacy of process design and the effectiveness of controls in meeting business and control objectives.
• Identify and document control and process weaknesses and recommend ways to improve processes.
• Provide recommendations to address identified control deficiencies and improve operational efficiency, risk mitigation, and compliance.
• Foster effective communication and collaboration with key stakeholders, including department heads, process owners, and external auditors.

Business Partnering

Collaborates with various stakeholders across the business to add value, enhance decision-making processes, and contribute to overall organizational success such as:

• Advisory and consultation on improving IT-related process, controls, and risk management strategies to assist in decision making and enhancing operational efficiency.

• Offer expertise in evaluating risk exposure and providing recommendations to minimize risk and ensure business resilience.

• Collaborate in assessing fraud or cyber security risks, conducting investigation, and recommending controls to mitigate fraud or cyber security risks and safeguards the organization’s assets.

• Partner with leaders in developing KPIs and performance monitoring frameworks.

• Assist by providing advisories in change management activities such as mergers, acquisitions or system implementations.

• Build and sustain positive working relationships with colleagues in Internal Audit and stakeholders in technology and the wider business.

Continuing Education & People Development

• Keep abreast of regulatory changes, industry standards, and emerging information technology risks relevant to the industry by attending trainings, forums and/or conferences and assess their impact on the company's internal controls and audit approach.
• Regularly assess current practices, methodologies and team skills against available benchmarks (e.g. audit associations i.e. ISACA, IIA-P, International Association of Privacy Professionals) and implement programs to address issues, if any.
• Lead and manage the assigned internal audit team, including assigning audit engagements, providing guidance and mentoring, and conducting performance evaluations.
• Design and implement programs to improve compliance in general, including the conduct of regular training and orientation for employees.

Administrative:

• Take part in special investigations where necessary and report to the Audit Committee with the highest level of confidentiality.
• Participate in the internal control projects covering all operations where necessary for One Food Group and the Group of companies.
• Adheres to and keeps abreast about company/department policies and Code of Conduct/Ethics; and actively participates in company activities.

Education:

• A bachelor’s degree in computer science, information systems, accounting, finance, or other related fields is typically required. 

Experience:

• Seven (7) years IT-related experience, of which minimum 5 years IT audit experience and three (3) years of supervisory or project leadership experience

• Familiarity with auditing widely used server, platform, database and end point technologies (e.g. Windows server, SQL server, Unix/Linux, SAP, etc.)

• Advanced knowledge of the Standards (ISPPIA) and audit frameworks (COBIT, COSO).

• Well-versed in the use of MS Office (Excel, Word and Power Point Presentations) and familiar with Computer Aided Auditing Tools (CAATs), preferred but not required.

License/s: 

• Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP) or other equivalents.  

#LI-CG1