ESSENTIAL DUTIES & RESPONSIBILITIES:

• Execute risk-based IT audit engagements in accordance with the approved Internal Audit Plan, ensuring adequate coverage of assigned high-risk systems, processes, and technology areas.

• Perform assessments of IT General Controls (ITGCs), logical access controls, privileged access management, change management processes, System Development Life Cycle (SDLC), and IT operations as directed.

• Conduct walkthroughs, control design assessments, and operating effectiveness testing, and prepare comprehensive audit documentation and working papers in accordance with professional auditing standards.

• Assess compliance with recognized frameworks and standards including ISACA guidelines, ISO 27001, and applicable regulatory requirements, and document findings clearly and objectively.

• Evaluate ERP application controls within environments such as Oracle, SAP, or Banner, identifying control gaps and supporting the preparation of audit findings and recommendations.

• Prepare draft audit findings, reports, and management action plans for review by the Director of Internal Audit, ensuring findings are accurate, well-evidenced, and clearly communicated.

• Design and execute data analytics procedures across financial and non-financial datasets to enhance audit coverage, support risk identification, and strengthen audit conclusions.

• Apply analytics techniques including exception reporting, anomaly detection, segregation of duties analysis, and fraud risk indicators to assigned audit engagements.

• Develop dashboards, automated scripts, and data visualization outputs using tools such as Excel (advanced), Power BI, SQL, or equivalent, to improve audit efficiency and reporting accuracy.

• Support the implementation and maintenance of continuous auditing and monitoring mechanisms under the guidance of the Director of Internal Audit.

• Assist in special reviews, investigations, and data-driven assignments as directed, applying structured analytical approaches and maintaining objectivity and professional scepticism.

• Contribute to the development and standardization of IT audit programs, working papers, and methodology documentation in support of audit quality and consistency.

• Participate in IT risk assessment activities and assist in maintaining the IT risk universe and audit universe as directed.

• Coordinate with auditee staff to schedule walkthroughs, gather evidence, and follow up on outstanding audit requests in a timely and professional manner.

• Keep current with emerging technology risks, cybersecurity developments, and evolving IT audit practices relevant to the higher education sector.

Qualifications, Certifications and Experience:

Qualification:

• Bachelor's degree in Information Technology, Computer Science, Finance, or a related field. A Master's degree is preferred.

Certifications

• Certified Information Systems Auditor (CISA) — required.

• ISO 27001 Internal Auditor or Lead Auditor — preferred.

• Additional relevant certification such as CIA is advantageous.

Experience

• Minimum 8 years of progressive experience in IT audit, risk, and compliance, including a minimum of 3 years of hands-on experience in data analytics within an audit or risk context.

• Demonstrated experience executing IT General Controls audits, application controls reviews, and ERP audit assignments.

• Experience working within a structured internal audit function, applying risk-based audit methodologies and professional auditing standards.

Knowledge & Skills

Required

• Strong knowledge of IT General Controls, ERP environments (Oracle, SAP, Banner, or equivalent), and IT governance frameworks.

• Proficiency in data analytics tools including advanced Excel and Power BI; working knowledge of SQL or equivalent querying tools.

• Solid understanding of ISACA frameworks, ISO 27001, and risk-based internal audit methodology.

• Strong documentation and report writing skills with attention to detail and clarity of expression.

• Professional skepticism, analytical thinking, and the ability to identify and articulate control weaknesses.

• Effective communication and interpersonal skills to engage with auditees at all levels of the organization.

Preferred

• Exposure to fraud risk assessment methodologies and forensic data analysis techniques.

• Experience with scripting tools such as Python or R for data extraction and analysis.

• Knowledge of continuous auditing and monitoring tools and practices.

WORKING CONDITIONS:

• Work is normally performed in a typical interior/office work environment.

• No or very limited physical effort is required.

• No or very limited exposure to physical risk.

SUPERVISION:

Reports to: Director of Internal Audit

Subordinates: None