Job Description

To provide support to the IT Security Department by ensuring IT audit readiness, continuous compliance, and effective remediation of audit findings by coordinating, tracking, and reporting on all IT-related audit issues. The IT Security Assistant will support the IT Security team in monitoring, maintaining, and improving the organization's information security posture. The role supports the enforcement of internal controls, assists in policy, procedure, guidelines and standards development and reviews, and maintains compliance with regulatory and best-practice standards.

KEY PERFORMANCE AREAS

Audit Coordination & Support

Serve as the primary point of contact for all IT audit activities -- internal and external. Coordinate IT audit engagements, including planning, walkthroughs, evidence gathering, and status meetings. Maintain a comprehensive register of all audit findings (IT-related) and track them to resolution. Active management of the IT Management team to ensure audit issues are addressed before due dates.

Tracking & Reporting

Maintain dashboards and trackers for audit issues, exceptions, and risk treatment plans. Ensure timely follow-up with responsible stakeholders for evidence submission and issue remediation. Prepare weekly/monthly status reports, executive summaries, and audit readiness metrics for IT Management.

Documentation & Compliance

Draft and update IT policies, procedures, standards, and guidelines to align with audit requirements, industry best practices, and regulatory expectations. Assist with regulatory submissions and compliance questionnaires (e.g., POPIA, ISO, COBIT, NCA, SWIFT CSP Attestation). Maintain audit logs and IT documentation repositories in an organized, audit-ready state.

Issue Remediation & Follow-Up

Liaise with IT managers for input from their respective technical teams to validate resolution of findings and closure of audit points within deadlines. Draft formal remediation plans and motivations for deferred/accepted risk findings. Facilitate root cause analysis (RCA) for repeat or high-risk findings.

Risk & Control Improvement

Work with Audit, Risk and Governance teams to embed control improvements across IT functions. Recommend control design enhancements and standard operating procedures (SOPs). Support IT risk assessments such as Regulatory, Group and Third-Party questionnaires, including risk identification and mitigation tracking. Keep abreast of latest legislation, regulations and governance requirements relevant to ABL.

Policy & Framework Alignment

Support the alignment of IT controls with corporate governance frameworks like COBIT, ITIL, NIST, TOGAF and ISO/IEC 27001. Ensure awareness and compliance of IT teams with defined policies and controls

IT Security Support

Assist in monitoring and responding to security alerts, incidents, and vulnerabilities. Support in conducting routine checks on system logs, access controls, and security tools. Help maintain and update security documentation, policies, and procedures. Assist with user awareness training and promote security best practices across the organization. Provide first-level support for security-related queries from staff. Support the administration of firewalls, antivirus, endpoint protection, and other security tools. Assist in vulnerability assessments and follow up on remediation activities. Help ensure compliance with internal policies, regulatory requirements, and industry standards. Maintain an inventory of IT security assets and licenses. Provide general support to the IT Security Manager and wider IT team as required.

QUALIFICATIONS

National Diploma or Degree in Information Technology, Computer Science, or related field. Certifications preferred: CISA, CRISC, CGEIT, or ISO 27001 Lead Implementer/Auditor.

EXPERIENCE

2-3 years in IT audit, IT risk management, IT compliance, or GRC roles preferred. Experience in banking or financial services environments is advantageous. Familiarity with regulatory environments like SARB, FSCA, or international equivalents.

TECHNICAL COMPETENCIES

Strong knowledge of IT general controls (ITGC), risk frameworks, and audit methodologies. Proficiency in Microsoft Excel, PowerPoint, and reporting tools (e.g., Power BI). * Working knowledge of ITSM tools and GRC platforms (e.g., Service Desk, TeamMate, or similar) would be advantageous.