IT Audit Senior Manager

Incumbent must have deep understanding of penetration testing (pen-testing) methodologies (e.g. MITRE ATT&CK) and ethical hacking principles. AND/OR Deep understanding in cyberattack incident response, incident response frameworks (NIST 800-61, SANS PICERL) and forensic analysis (post incident investigation). Responsibilities Lead, direct and coordinate portfolio of audits covering the three audit phases Provide input into the strategic objectives to assist in establishing the strategic direction of the Business Unit (BU). Facilitate the implementation of the Business Unit and Specialised Audit Solutions (SAS) strategic plans in accordance with policies, procedures and legislation. Manage teams to ensure alignment to the vision, mission, strategic goals and values of the Organization Provide feedback on implementation / achievement of strategic objectives to the relevant stakeholders Liaise with auditees in the provision of advice / recommendations, setting up meetings, etc Initiate and lead meetings with the audit team regarding the direction and progress on the audits Provide guidance to managers and assistance on audit related matters Ensure that all risks are addressed for the specific audit engagements, for example: Appointment of specialist staff, Contract in and out Conduct audit team visits to: Review work Finalise the audit Conclude working papers Prepare audit report Attend meetings with the team and auditees Provide motivation talks and training on auditing matters to team members Engage with contracted out partners Project manage all projects to ensure timeous delivery on milestones and quality of delivery is met Perform functions as required by an engagement manager as spelled out in the ISAs and the Organization policies Prepare and take responsibility for presentations Report back to the audit steering committees and audit committees on the planning, execution and reporting of the audits Manage audits within the allocated time frame Manage audits in accordance with policies, procedures and legislation Requirements Minimum qualification of NQF Level 8 (i.e. Honours Degree/ National Diploma Postgraduate Diploma) e.g. B Com with specialisation in Auditing and/or Information Technology Certified Information Systems Auditor (CISA) or equivalent (e.g. a recognised IT auditing certification) AND at least one of the following: Offensive Security Certified Professional (OSCP) or equivalent (e.g. CEH) and/or Certified Incident Handler (ECIH/ GCIH) or equivalent (e.g. CRIA) Minimum of 6 years experience post qualification with at least 4 years experience operating at a manager/middle management level Extensive experience in managing cybersecurity and network security audits, with a strong understanding of networked environments that support various application hosting infrastructures, including Windows and Unix-based operating systems, as well as MSSQL and Oracle databases Extensive experience in conducting cybersecurity maturity assessments, particularly within the Southern African context. This includes a strong ability to position insights and control recommendations for clients, guided by leading frameworks such as NIST CSF, ISO 27001/2, CIS, and COBIT

Location: Pretoria, ZA

Posted Date: 10/11/2025