Job Description
- Own the technology audit calendar end-to-end
- Turn audit findings into clear, actionable remediation
- Support CPS 230 & CPS 234 uplift across technology
About the role
You’ll lead and coordinate all technology audits (internal, external and assurance activities), acting as the primary liaison between auditors, risk and technology stakeholders. You’ll plan the audit lifecycle, keep delivery on time and on budget, and translate requirements into practical actions for engineering and platform teams. Between audits, you’ll strengthen the Control Assurance Program: testing controls, reporting on effectiveness and readying the organisation for the next review.
What a typical day looks like:
- Manage the end-to-end audit lifecycle including planning, fieldwork, evidence gathering, reporting and completion of audit actions
- Maintain the annual technology audit and assurance schedule, ensuring key milestones are met
- Coordinate with internal and external auditors, technology SMEs and risk partners to prepare for and facilitate audit activities
- Identify technology and cyber risks and work with control owners to define remediation actions
- Track audit findings and action plans, and ensure timely closure of items
- Prepare audit and control assurance reporting for senior leadership and risk committees
- Support uplift of the technology controls assurance program
- Maintain accurate audit documentation, ensuring alignment to the enterprise risk framework
About You:
- Must have experience in technology audit, technology risk, compliance and/or controls assurance
- Must have experience in financial services
- Must have knowledge of APRA standards: CPS 234 (Information Security) and CPS 230 (Operational Risk Management)
- Strong understanding of cyber GRC and control frameworks (e.g. NIST 800-53, ISO 27001, PCI-DSS, COBIT)
- Strong stakeholder management skills with the ability to communicate clearly with technical and non-technical audiences
- Well-organised with the ability to manage multiple audit activities simultaneously and meet deadlines
- Relevant tertiary qualification in IT or Security; certifications such as CISA, CISM, or CISSP are desirable
Kapital Consulting is a specialist recruitment partner focused on Funds, Investments, Prop Trading and Insurance. We specialise in Technology, Data, Cyber and Project Services recruitment across Australia. Connect at www.kapitalconsulting.com.au and follow us on www.linkedin.com/company/kapital-consulting.