KEY DUTIES AND RESPONSIBILITIES
- Develop, implement and manage the organisation’s information security audit and compliance framework.
- Lead internal audits, compliance reviews and assessments of IT and security systems to ensure adherence to policies, standards and regulations.
- Ensure alignment with ISO 27001, PCI DSS, NIST, COBIT, the Cyber and Data Protection Act and other relevant standards and legal requirements.
- Identify control weaknesses, non-compliance issues and risks and recommend corrective actions.
- Prepare and present audit reports, compliance dashboards and risk assessments to senior management.
- Work closely with internal audit, external auditors, regulators and business units to coordinate audit engagements and follow up on findings.
- Provide compliance guidance on new systems, emerging technologies and business initiatives.
- Establish a continuous compliance monitoring program, leveraging automation and governance tools where possible.
- Mentor and oversee audit and compliance analysts to build capacity and ensure high-quality outputs.
- Drive a culture of accountability, ethics and compliance throughout the organisation.
QUALIFICATIONS AND EXPERIENCE
- Bachelor’s degree in Information Security, Computer Science, Accounting, Risk Management or a related field.
- Professional certifications such as CISA, CISM, CISSP, CRISC or ISO 27001 Lead Auditor/Implementer are strongly desirable.
- At least 5 years’ experience in information security audits, IT governance, or compliance, with at least 3 years in a leadership role.