Senior IT Assurance Lead needed at Sasol

Purpose of Job

• To Lead and execute IT second level assurance over IT General Controls (ITGCs) including Manage and execute audits with a specific focus on information technology and cyber security within the Sasol Group in order to mitigate risks impacting Sasol’s operations and to provide subject matter expertise and ensure compliance with Sarbanes-Oxley (SOX) requirements. The role includes monitoring, reporting, and advisory support for ITGC design and operating effectiveness. Support for control deficiency management by conducting risk and impact assessments and advising on remediation strategies in alignment with external audit standards such as PCAOB, COSO and Sasol Assurance Services Operating Manual. Advising on continuous improvement in control design and operational effectiveness, when performing Second-level assurance over IT General Controls (ITGC),

Key Accountabilities

• Manage area of responsibility in respect of understanding the IT/IM environment, identification of high-risk areas, and to compile the audit plan for the area of responsibility.
• Maintain up to date knowledge in respect of the IT/IM area of responsibility to provide timely guidance to the stakeholders and team on controls, changes in the environment and emerging technologies and risks.
• Sharing changes and developments in the area of responsibility upwards to the Senior Manager IM GRC. Be the first contact point for IM stakeholders in respect of area of responsibility.
• In conjunction with other team members in IM GRC, manage the timing of audit engagements to ensure the timely completion of the audit plan.
• Compile and review planning memorandums and audit programs to ensure focus on high level risks and internal control taking into consideration strategic objectives.
• Execute audits by identifying risks and weaknesses and ensuring that processes and systems comply with applicable policies, standards, statutory and regulatory requirements.
• Manage and execute planned and ad-hoc audits (own and managed audits) as well as resources in line with planned budgetary requirements and set timelines to contribute to the completion of the IM GRC Audit Plan Conduct audits to provide assurance that the internal system controls established by management to safeguard assets and liabilities of the company are adequately designed and operating effectively.
• Oversee and independently monitor IT General Controls (ITGCs) by developing assurance frameworks, performing second-level assurance, assessing key IT risks, and recommending remediation for identified control gaps
• Ensure the submission of factual and timely reports (own and managed) within the required reporting protocol, and integrate changes as required from stakeholder feedback.
• Ensure that all audit working papers including the evidence supporting audit report findings and results are adequately captured/ documented.
• Review audit reports and working papers of audits managed when requested by Senior Manager or Head / Vice-President of IM Department.
• Plan, manage, execute and report on management requested audits, when required.
• Conduct quality reviews and peer reviews and adhere to quality improvement practices.
• Complete all review notes of audits managed and take appropriate corrective actions.
• Provide expert advice to IM Function on best practice and effective implementation of relevancy IT / group policy.
• Respond to management queries in relation to the internal control environment within area of responsibility.
• Contribute to the compilation and submission of reports to IM EXCO, the Group Executive Committee, Governance Committees, Executive Committees and Sasol Limited Audit Committee.
• Monitor progress against annual audit plan, identify significant governance issues, and escalate to top management as required.
• Engage with relevant stakeholders, attend relevant stakeholder forums and provide specialist advice.
• Contribute to the development and drive implementation of the integrated risk based annual assurance plan.
• Contribute to the development of auditing policies, procedures, and programs in alignment with Sasol Assurance Services methodologies
• Keep up to date with and share knowledge in respect of new/ emerging developments in the internal audit profession and technological solutions.
• Stay abreast with new developments in the Sarbanes Oxley (SOX), COSO, PCAOB, the various accounting standards as well as auditing requirements related to the JSE and NYSE listings Execute and provide support non-audit activities as allocated.

Formal Education

• University Bachelor’s degree Information Systems, Computer Science, IT Auditing, or related field.
• Professional certifications such as CISA, CRISC, CGEIT, or CIA advantageous 

Min Experience

• 11+ relevant years of experience. –
•  7+ years in IT audit, risk, or assurance roles within large organisations.
• Strong understanding of IT risk, COSO, COBIT, ITGCs, and governance / control frameworks.
• Experience in second-line assurance and control monitoring.
• Familiarity with GRC tools and data analytics platforms. 

Certification

• Minimum requirement is a University Bachelor’s degree in Auditing and/ or Information Technology.
• Chartered Accountant – CA(SA) or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) is advantageous.
• Chartered Accountant – CA(SA) is advantageous.