Independent Contractors: Internal Audit Specialists in Information Communication Technology and/or Data Analytics (2) at South African National Parks (SANParks)

Requirements


Be in possession of a Degree/BTech in Auditing / Internal Auditing / Accounting IT/Computer Science/Information Systems / Data Science.
Postgraduate qualification in Internal Auditing, IT Audit, Data Analytics, or Cybersecurity will be an added advantage.
Professional certifications such as Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Data Analyst (or equivalent), Certified Information Security Manager (CISM), or related certifications will be advantageous.
Registered as a member of the Institute of Internal Auditors or Information Systems Audit and Control Association.
Minimum of 5 years' experience in Internal Auditing, with a strong focus on ICT audits, data analytics, or IT risk management.
At least 2 years' experience supervising audit teams or leading audit engagements.
Strong understanding of IT governance, risk management, and control frameworks (e.g. COBIT, COSO, ISO 27001).
Experience in auditing IT general controls, application controls, cybersecurity controls, and \data management processes.
Proficiency in data analytics tools and techniques (e.g. Diligent, Power BI, SQL, Python, Excel advanced analytics).
Ability to analyse large datasets to identify anomalies, trends, control weaknesses, and potential fraud risks.
Knowledge of systems environments including ERP systems and database structures.
Understanding of cloud computing environments, cybersecurity risks, and emerging technologies.
Strong analytical, problem-solving, and critical thinking skills.
Ability to interpret complex technical information and communicate it effectively to non- technical stakeholders.
Strong verbal and written English communication skills.
Ability to build relationships while maintaining independence and professional scepticism.
Presentation and stakeholder engagement skills.
Ability to work independently and as part of a multidisciplinary audit team.
Strong planning, organisational, and time management skills.
High level of integrity and professionalism.
Must have own reliable transport.


Responsibilities


Plan, execute, and report on internal audits across various functions and departments to evaluate the effectiveness of internal controls, risk management, and governance processes.
Develop and implement audit programs and methodologies that align with industry best practices and organizational objectives.
Assess the adequacy and effectiveness of internal controls, identifying any weaknesses or areas for improvement.
Collaborate with management to develop and implement corrective action plans based on audit findings.
Review and analyse financial and operational data to identify trends, anomalies, and potential risks.
Provide guidance and support to management on internal control matters and regulatory compliance.
Prepare detailed and accurate audit reports, including findings, recommendations, and action plans.
Information Technology and Data Analytics Specialist
Apply ISO/IEC 27001, COBIT, and COSO frameworks to identify ICT risks, data governance gaps, and key control weaknesses.
Execute risk-based ICT and data analytics audits, including IT general controls, application controls, cybersecurity controls, and data integrity assessments.
Develop, implement, and maintain ICT and data analytics audit methodologies, tools, and procedures aligned with industry best practices and organisational objectives.
Analyse large and complex datasets using data analytics techniques to identify anomalies, trends, control breakdowns, and potential fraud indicators.
Evaluate the effectiveness of IT systems, databases, and digital platforms, including ERP environments, cloud systems, and data warehouses.
Assess data governance practices, including data quality, data privacy, data lifecycle management, and compliance with applicable regulations.
Perform audits on cybersecurity controls, including access management, identity and access controls, network security, incident response, and vulnerability management.
Provide input into the Internal Audit Strategic and Operational Plans, ensuring that ICT risks and data-driven risk areas are prioritised in line with Section 51 of the PFMA, Regulation 27 of National Treasury Regulations, and internal audit standards.
Receive and interpret audit engagement instructions, defining scope and audit approach for ICT, and data-focused reviews.
Conduct end-to-end audit engagements (planning, fieldwork, reporting) with a strong focus on technology-enabled processes and data reliability.
Engage with ICT management, data owners, system administrators, and business stakeholders to understand system architectures, data flows, and control environments.
Design and execute data-driven audit procedures, including automated testing, continuous auditing techniques, and the use of audit analytics tools.
Identify and communicate ICT and data-related risks, control deficiencies, and improvement opportunities to the Senior Internal Audit Manager in a timely manner.
Develop clear, insightful, and technically sound audit reports that translate complex ICT and data findings into actionable business recommendations.
Ensure compliance with Institute of Internal Auditors (IIA) Standards and ISACA guidelines at all times.
Maintain complete and well-documented electronic audit working papers, ensuring alignment with internal audit methodologies and quality assurance requirements.
Support the Quality Assurance and Improvement Programme (QAIP) by ensuring consistency, accuracy, and quality in ICT and data analytics audit deliverables.
Provide advisory services on ICT controls, data analytics capabilities, automation opportunities, and emerging technology risks where required.
Operate independently as a contractor while maintaining strong collaboration with internal audit teams and stakeholders.
Ensure accurate Internal Audit operational information is maintained and made available on request and specific Internal Audit administrative reporting deadlines are complied with.


Closing Date


25 May 2026