Main activities:
• Performing a variety of third-line IT Internal Audits, completing audit fieldwork testing to assess the design and operating effectiveness of IT processes and related controls, within agreed timelines (with a strong delivery focus). Standard Internal Audit methodology will be followed, populating audit work performed within Team Mate (our Internal Audit system).
Clear IT Audit reports will be drafted containing IT Audit Issues with agreed management action plans.
Open IT Audit issues will be proactively tracked through to remediation / closure.
• Performing rolling IT SOX (Sarbanes-Oxley Act) testing of the design and operating effectiveness of IT Entity Level Controls (IT ELCs), IT General Controls (ITGCs) and IT Application Controls (ITACs) across key financial applications and supporting tools, within agreed timelines (with a strong delivery focus).
Standard Financial Controls / ICoFR (Internal Control over Financial Reporting) methodology will be followed, populating SOX control design and operation within Team Mate (our Internal Audit system).
Clear IT control deficiencies will be drafted with agreed management action plans.
Open IT deficiencies will be proactively tracked through to remediation / closure.
• Collaboration with IT Management stakeholders (CIOs and CISOs) to perform ongoing continuous monitoring of IT controls and update IT Risk Assessments, feeding this IT control analysis into the annual IT Audit Plans.
• Collaboration with the Brazil IT External Audit team (EY).
• Promoting the alignment of Sompo International IT controls with IT regulatory requirements, IT industry frameworks, and standards.
• While the role will focus on Brazil IT Internal Audits, and IT SOX work, this role will also assist with IT Internal Audits and IT SOX work across other regions globally, where required.
• Promotion of a positive work environment by demonstrating key attributes such as a strong work ethic, office presence, accountability, agility, and self-improvement.
Academic background/courses:
• Bachelor’s degree in Computer Science, Accounting, Finance, Economics, or related IT Audit subject – required.
• Certified Information Systems Auditor (CISA) certification from the Information Systems Audit and Control Association (ISACA) – desirable.
Competencies/skills:
• Strong written and verbal English communication skills, and presentation skills – required.
• Base knowledge, skills, and experience in the principles and practices of technology, IT industry trends, IT Governance controls, IT General Controls (including IT Service Management), Cybersecurity controls (including network security), and IT infrastructure controls (including Cloud).
• Strong ability to build long-term collaborative working relationships with IT management.
• Proactive and delivery-focused, taking accountability for the delivery of Sompo International IT audit work in accordance with the IT audit plan.
• Experience in standard Institute of Internal Auditors (IIA) audit methodology (audit planning, fieldwork, and reporting), with an attention to quality to meet methodology requirements with minimal review.
• Other relevant professional certifications are beneficial, such as the Certified Information Systems Security Professional Certification (CISSP) and/or Certified Internal Auditor Certification (CIA).
• Working knowledge of IT industry frameworks (including COBIT, NIST, ITIL) and IT Industry standards (such as ISO 27001, the Information Security Standard, and ISO 27017, the Cloud Security Standard, etc.).
• An understanding of the base requirements of key IT regulations such as the expected IT control requirements of the:
Sarbanes-Oxley Act of 2002 (SOX).
Japan Sarbanes-Oxley Act of 2006 (J-SOX).
Brazil’s Private Insurance Supervisory Office (SUSEP) regulatory requirements relating to cybersecurity (Regulatory Circular No. 638/2021, etc.).
Brazil’s General Personal Data Protection Law (LGPD), etc.
• Willingness to work onsite within our Sao Paulo office, and to travel to other Sompo International office locations to assist with other onsite audit fieldwork, if required.
• Experience with Team Mate (or similar audit systems) is a plus.