ROLE PURPOSE
The aim is to state the overall significance of the job from the organization's perspective.
Perform and support risk-based information security audits covering cybersecurity, access controls, data privacy, and protection of sensitive data; contribute to providing independent assurance and advisory services to enhance governance, control effectiveness, and overall security posture.
Key Accountabilities & Activities
This section describes the principal outputs required from the job.
Key Accountabilities
Key Activities
- Risk-Based Planning & Prioritization
- Define and execute the Information Security audit plan covering cybersecurity, access controls, and protection of sensitive data.
- Evaluate and prioritize security-related risks and determine high-priority audit engagements for execution.
- Security Assurance & Advisory
- Provide assurance and consultancy on information security governance, policies, procedures, and regulatory compliance.
- Recommend improvements to information security controls to address vulnerabilities and strengthen defense mechanisms.
- Provide reasonable assurance for compliance with applicable security standards to ensure data confidentiality, integrity, and availability.
- Threat-Led Testing & Technical Assessments
- Conduct or oversee compromise assessment and penetration testing activities to evaluate the effectiveness of existing security defenses, detect potential breaches, and validate remediation efforts.
- Conduct formal audits and gap assessments against national, regional, and industry security standards.
- Privacy, Data Governance & AI Ethics
- Audit data privacy, governance, and protection mechanisms to ensure adherence to applicable laws and internal policies.
- Evaluate the AI lifecycle from data acquisition to deployment to ensure fairness, transparency, and compliance with ethical and regulatory requirements.
- Assess controls that influence user trust, service reliability, and the organization's overall security posture.
- Follow-Up & Performance Metrics
- Monitor implementation of information security-related corrective actions to ensure timely and effective resolution.
- Develop and review periodic information security audit metrics to monitor performance, risk coverage, and control effectiveness.
- Special Assignments & Reporting
- Perform special security-related audit assignments based on management requests.
- Issue concise reports with risk-ranked findings, root causes, and actionable recommendations; brief management/committee.
- Policies, Processes & Procedures
- Follow all relevant departmental policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
- Comply with all relevant safety, quality and environmental management policies, procedures and controls to ensure a healthy and safe work environment.
- Information Security
- Ensure the implementation of various information Security practices and standards to ensure compliance with relevant policies and the protection of ELM data and information.
