Job Specification
Qualification
Science or Commerce Degree, or equivalent, if substantiated by valid evidence of competency.
CISA, CISM, CRISC, CGEIT, COBIT, Cybersecurity (CEH and related technical field) or ISO 27001 credentials advantageous.
Experience
2 - 4 years’ systems and process auditing experience, preferably with Big 4 audit firm IT auditing exposure, or equivalent, if substantiated by valid evidence of competency.
Exposure such as Sarbanes Oxley (SOX) or similar IT and business risk and control-based audits advantageous.
Job Description
Objectives
Ensure that compliance testing and auditing assignments are conducted and reported on in accordance with the approved methodologies, working documents and templates and in line with regulatory, accreditation and contractual requirements.
Ensure sustained superior service to existing and new clients in aid of business retention and growth.
Primary Responsibilities
Work from the company’s office at least twice weekly, during business hours, when not traveling on client audits, as agreed with the line manager.
Be available on Skype/Teams with email visibility on a mobile device, during business hours, when working from a client’s office or a home office.
Familiarisation with regulated market platform requirements for certifications of technical gambling systems for the markets assigned and within which clients operate.
Provide feedback on the quality of working documents and possible areas of improvement post review.
Identify and provide to management opportunities for improvement in departmental and interdepartmental work procedures.
Audit project planning and scheduling.
Draft client proposals from approved templates.
Conduct onsite self-regulatory reviews and reviews for regulated markets at clients and submit subsequent certifications in accordance.
Conduct remote audits where applicable, with effective use of internet-based conferencing facilities, taking notes and obtaining and documenting relevant evidence.
Draft reports and certificates for clients within predetermined time frames, including findings of review work.
Develop and sustain exceptional client relationship management.
Draft client invoices, where applicable.
Project management via M-Files.
Effective and efficient performance of administrative tasks, including monthly expense claims and updating travel booking forms with invoices where own/company NatWest card was used.
Administration
Effective planning of onsite review trips in liaison with the line manager and client.
Updating of the travel schedule to reflect scheduled and upcoming onsite reviews.
Submit annual leave applications to the line manager well in advance.
Teamwork
Attend weekly catch-up calls with the team to discuss deadlines, future and ongoing projects and correctly assist and/or escalate projects, where required.
Provide assistance to team members and other staff in meeting regulatory and/or client deadlines, as required.
Resource Management
Ensure that operational, reputational and security risks are effectively managed through information technology resources (PCs, network connections, security around the work environment, speed/quality of connections, power outages, etc.).
Record and upload audit evidence and documentation in compliance with ISO standards.
Reporting
Inform clients on the certification process and communicate and plan future certifications in advance to assist clients in maintaining regulatory compliance per market.
Complete reporting tasks within the predetermined time frames, including initial report drafting, following up and obtaining management comments from clients, and performing follow-up review work for resolved findings.
Ensure completeness and integrity of reports through completed work programs and supporting evidence aligning to findings.
Discuss and report on key issues, provide clarity and practical examples on the implementation of controls in order to address non-compliance and assist clients in remediation of findings.
Effective and efficient follow-up and resolution of review findings and updating of work programs, reports and certificates, where applicable.
Business Compliance
Acquire a full understanding of the quality system - policies, procedures and work instructions.
Full adherence to and application of information communicated in policies, procedures and work instructions.
Business Retention and Growth
Familiarisation with eCOGRA’s key service lines and functions in order to professionally represent the company and clearly explain its services to prospective clients and new business opportunities identified.
ISO 27001 Audit – Supplementary Responsibilities
Auditors and Team Leader
Compiling and amending ISO/IEC 27001 certificates and issuing them to the client, ensuring eCOGRA’s certification rules, certification logos and a link to the certificate located on eCOGRA’s Certificate Management System (CMS) are provided.
Ensuring client certificate details are updated on the eCOGRA website and accreditation body website.
Planning the audit and ensuring that audit reports are received in a timely manner for internal reviews.
Preparation and execution of the audit and submitting the audit reports.
Following the process steps outlined in the relevant work instructions.
Audit Team Leaders are responsible for overseeing Auditors and accountable for ensuring that auditors have followed the process steps.
Audit Team Leaders are responsible for deciding on proceeding with stage 2 and confirming if the stage 2 audit team members have the necessary competence.