Information Systems Specialist

Roles and responsibilities

Manage the evaluation of IT controls in SPL, identifying vulnerabilities and strengthening security.
Ensure security controls are adequate and protect the organization's data and access.
Contribute to the creation the IT audit plan, aligning it with SPL's overall audit strategy.
Verify accuracy and completeness of IT audit reports for all programs.
Identify and recommend solutions for critical security concerns.
Work with leadership and relevant departments to refine procedures and strengthen IT controls.
Information Systems Audit Planning
Audit Planning: Develop audit plans by assessing the risks and requirements of the organization’s IT systems and processes. Identify key areas to audit, including IT infrastructure, security protocols, and software applications.
Risk Assessment: Conduct risk assessments to identify areas where the organization's systems may be vulnerable to fraud, data breaches, or system failures. Evaluate the effectiveness of current IT controls.
Audit Scope Definition: Define the scope and objectives of the audit, ensuring alignment with business goals, regulatory requirements, and industry standards.
IT Systems and Infrastructure Evaluation
Infrastructure Review: Evaluate the organization’s IT infrastructure, including networks, servers, and cloud services, to assess its security and efficiency.
System Access Controls: Review user access management systems, ensuring that only authorized individuals have access to sensitive data and systems.
Software and Application Review: Examine the security, functionality, and efficiency of critical software applications used by the organization, ensuring they are effectively supporting business needs and complying with security standards.

Desired candidate profile

Audit Process Understanding and Documentation
Audit Data Analysis
Audit Interviewing and Communication
Information Systems Audit
Information Security and Risk Management
Security Controls: Assess the adequacy of information security controls, including firewalls, encryption, and intrusion detection systems, to safeguard against cyber threats.
Vulnerability Identification: Identify potential vulnerabilities within the information systems and recommend measures to address security gaps and improve system defenses.
Incident Response and Reporting: Evaluate the organization's ability to detect, respond to, and recover from IT security incidents, ensuring policies and procedures are in place for effective incident management.
Compliance and Regulatory Audits
Regulatory Compliance: Ensure that the organization complies with relevant IT regulations and standards (e.g., GDPR, HIPAA, SOX, PCI-DSS). Evaluate how well the organization follows legal, regulatory, and industry-specific requirements.
Audit of Policies and Procedures: Review IT governance policies and procedures to verify compliance with internal standards and external regulations.
Internal Controls Assessment: Review the internal controls governing IT operations and assess whether they are properly designed and functioning as intended to mitigate risks.
Data Integrity and Backup Systems
Data Accuracy and Integrity: Ensure that the organization’s data is accurate, complete, and consistent by reviewing data management practices and systems.
Backup and Recovery: Evaluate the effectiveness of data backup and disaster recovery plans. Ensure that data can be restored promptly in the event of a system failure or breach.
Business Continuity: Assess the organization’s business continuity and disaster recovery strategies, ensuring that the IT infrastructure can withstand disruptions and resume operations with minimal downtime.