Internal Audit

Responsibilities

• Contribute to the development of risk-based audit plans covering IT and cybersecurity domains
• Perform technology risk assessments across infrastructure, applications, data, cloud environments and third parties
• Identify priority areas such as SOC operations, identity and access management, data protection and business continuity
• Conduct IT systems and cybersecurity audits in line with approved methodologies and best practices
• Evaluate the effectiveness of IT General Controls (ITGC) and application controls
• Review cybersecurity controls including access management, encryption, monitoring, vulnerability management and incident response
• Assess cloud environments, managed services and outsourced SOC arrangements
• Verify compliance with national regulations and government policies (e.g., DESC, ISR, digital government requirements)
• Assess alignment with international standards such as ISO/IEC 27001, ISO/IEC 27035 and ISO 22301
• Review organizational readiness for external audits and certifications
• Audit outsourcing arrangements including SOC-as-a-Service, data centers and cloud providers
• Review SLAs, confidentiality obligations and independent assurance reports (SOC 1, SOC
  2)
• Validate service provider compliance with contractual and regulatory requirements
• Review cybersecurity incident management, response and investigation processes
• Evaluate integration between incident response, business continuity and disaster recovery plans
• Participate in or assess readiness through tabletop exercises and simulations
• Prepare clear and actionable IT audit reports with technical observations, root cause analysis, risk ratings and recommendations
• Discuss findings with IT cybersecurity teams and senior management
• Escalate critical issues to Internal Audit management and Audit Committees as required
• Track remediation actions and validate the effectiveness of corrective measures
• Provide practical recommendations to enhance cybersecurity maturity and IT governance
• Support continuous improvement of control environments
• Provide advisory input for digital transformation initiatives, cloud adoption and smart government systems
• Review risks and controls during design and implementation phases of major IT projects
• Support data governance and AI governance initiatives from an assurance perspective
• Adhere to approved professional conduct and government ethics requirements
• Maintain confidentiality, independence and objectivity in all engagements
• Keep abreast of evolving cyber threats, technologies and regulatory developments

• CISA Certified Information Systems Auditor (Mandatory)
• 10+ years of experience in IT audit, cybersecurity audit, or technology risk within government or large enterprise environments
• Strong knowledge of ITGC, cybersecurity frameworks, cloud security, and incident management
• Experience with national cybersecurity regulations and international standards (ISO, NIST, etc.)

To provide independent assurance and advisory services in the areas of information technology and cybersecurity in support of the Internal Audit function within government entities, by assessing the effectiveness of technical controls, managing cyber risks, and ensuring compliance with national regulations and international standards, thereby strengthening the protection of information assets and the continuity of government services.