This role provides strategic oversight and governance of IT systems, data privacy and compliance programs. It is responsible for ensuring regulatory compliance (NDPR, GDPR), aligning with industry standards (PCI DSS, ISO 27001, NIST) and enhancing operational efficiency. The role proactively identifies and mitigates IT and data privacy risks, strengthens GRC frameworks and delivers actionable recommendations to support a secure, resilient and compliant technology environment.
Audits:
- Conduct scheduled, ad hoc and focused IT and data privacy audits across all company locations in accordance with Internal Auditing Standards (IIA).
- Perform reviews of penetration testing, vulnerability scanning and security audits to uncover potential threats.
- Prepare audit working papers and audit files to quality standards within agreed timescales and deadlines.
- Draft clear, data-driven audit reports and recommendations on vulnerabilities for review by the Head of Internal Audit.
- Perform regular testing of IT applications, infrastructure and data privacy controls (e.g. access management, encryption, etc.), identifying critical gaps during testing cycles.
- Collaborate with business units to integrate efficiency improvements into IT systems, achieving a measurable reduction in process downtime or errors.
- Identify and document process gaps or control weaknesses across IT and business operations.
- Monitor and report changes in IT risk profiles, contributing to GRC policy updates and ensuring an up-to-date risk and compliance register quarterly.
- Conduct special reviews, spot checks or investigations as assigned.
- Provide and seek constructive feedback during audits, achieving a satisfaction rating in team and stakeholder feedback surveys.
- Follow up with responsible teams to implement the recommendations of internal auditors, consultants and security analysts.
- Participate in IT projects and product development with the aim of identifying risks and recommending appropriate controls.
- Assess GRC frameworks, including IT governance policies, risk management processes and compliance controls, identifying gaps and ensuring alignment with industry standards and regulations.
Quality Management and Improvement:
- Maintain a deep understanding of CapitalSage Holdings IT policies, data privacy protocols and organizational culture, proactively identifying risks that could impact strategic objectives (e.g. zero undetected high-risk issues).
- Maintain an understanding of secure software development lifecycle (SDLC) methodologies and conduct social engineering assessments and phishing simulations.
- Assist in the promotion of an Internal Audit service that aims to meet/exceed stakeholder expectations.
- Participate in process improvement/redesign and system upgrade/implementation efforts to ensure relevant requirements are considered and built into new systems and processes.
- Provide advisory services to the Risk Management & Compliance functions on risk management and compliance improvement opportunities across business operations.
- Ensure prompt reporting of risk positions to the Head of Internal Audit.
- Interpret and analyze reports/data/information to identify possible risk exposure.
Requirements
Experience & Qualifications
Bachelor's degree.
10-15 years in IT audit, risk, cybersecurity and compliance.
Background in audit firms or manufacturing/financial sectors is a plus.
At least one relevant certification: CISA, CIA, CISSP, CISM or CDPSE.
Technical Skills
Solid knowledge of IIA standards and IT audit frameworks (e.g. COBIT, ITIL).
Skilled in risk-based IT audits, internal controls and data privacy compliance (NDPR, GDPR).
Strong grasp of cybersecurity, including threat detection and incident response.
Proficient in MS Excel, Power BI or ACL for data analysis.
Familiar with cloud platforms (AWS, Azure) and audit systems.
Good command of MS Office tools.
Behavioral Attributes
Team player who performs well under pressure and meets deadlines.
Detail-oriented, discreet and capable of handling multiple tasks.
Strong communicator with the ability to engage across all levels.
Self-driven and tactful with a proactive mindset.