Internal Audit Manager

Discovery, Carletonville

About Discovery

Discovery’s core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best.

As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.

About Discovery Bank

Discovery Bank is a bank like no other – a shared-value bank, designed with our clients in mind. We’re all about sharing the value that clients create when they manage their money well back with them, through exceptional interest rates and rewards.

Our Vitality Money programme measures how well clients manage their finances, informs them of what it means to be financially healthy, and empowers them with the knowledge to get enhanced rewards for managing their money well. If you’re adaptable, a problem-solver, always questioning the way things are done, passionate about doing what is right, and obsessed with providing a quality service experience, we have a job for you where you can be your best in an environment that’s safe and nurturing.

Job Purpose

Lead risk-based IT audits across infrastructure, cloud, cybersecurity, data, payments, and digital channels to provide independent assurance over technology risks and controls. Strengthen the bank’s control environment, meet local regulatory expectations, and enable secure innovation at speed.

Areas of responsibility may include but are not limited to:

  1. Audit Planning & Governance
  • Develop and maintain the risk-based IT audit plan aligned to the bank’s strategic objectives, risk appetite, and Three Lines Model.
  • Perform technology risk assessments covering cloud (IaaS/PaaS/SaaS), cybersecurity, data & AI/ML, DevSecOps, third-party risk, payments, open banking/APIs, and resilience.
  • Ensure conformance with the International Standards for the Professional Practice of Internal Auditing (IIA Standards / IPPF) and alignment to King IV™ principles on governance.
  • Prepare Audit Committee packs for IT audit coverage, opinions, key themes, and trend analyses.
  2. Execution of IT Audits - Lead end-to-end audits (scoping, fieldwork, issue validation, reporting) over:
  • IT General Controls (ITGCs) and application controls across core banking, digital channels, and enablement platforms.
  • Cybersecurity (governance, identity & access, SOC, vulnerability/patch, incident response, endpoint, network & cloud security).
  • Cloud & platform engineering (architecture, configuration, CSP shared responsibility, IaC controls, container/Kubernetes security).
  • Data governance & privacy (POPIA, data lineage/quality, access, ISO/IEC 27701 alignment).
  • Payments & cards (EFT, RTGS, card acquiring/issuing, PCI DSS scope and interfaces).
  • Business continuity & operational resilience (BCP/DR, RTO/RPO, scenario testing).
  • Third-party & fintech partnerships (onboarding due diligence, contracting, ongoing monitoring, exit plans).
  • Change, SDLC & DevSecOps (agile ceremonies, CI/CD, testing, segregation of duties, release management).
  • AI/ML & model risk (data sourcing, bias, explainability, monitoring, access, change control), coordinating with Model Risk/Internal Audit specialists.
  3. Issue Management & Stakeholder Engagement
  • Produce clear, prioritized reports with root cause, business impact, and actionable remediation.
  • Track and validate remediation; escalate overdue/high-risk issues.
  • Build strong relationships with CIO/CTO/CISO, Data, Engineering, Product, Risk, and Compliance while maintaining independence.
  4. Data-Led Assurance & Continuous Auditing
  • Drive data analytics in audits (e.g., log analysis, user access analytics, config drift, control health dashboards).
  • Pilot continuous monitoring and controls automation where feasible; mentor the team on Python/SQL/Power BI usage.
  5. Regulatory and Standards Alignment
  • Align assurance to Banks Act requirements and Prudential Authority (SARB) expectations, POPIA, FICA, NCA, and Payment System rules where applicable.
  • Reference and benchmark against COBIT, NIST CSF/800-53, ISO/IEC 27001/2, PCI DSS, CIS Controls, and internal policies/standards.
  6. People, Quality & Vendor Management
  • Manage, coach, and upskill the audit team; curate an annual training plan (CISA/CISM/CISSP, cloud security, data analytics).
  • Oversee co-sourced audit partners; set scope, quality criteria, and deliverable timelines.
  • Perform engagement quality reviews and maintain a robust internal audit Methodology & QAIP (Quality Assurance and Improvement Program).
Personal Attributes and Skills
  • Risk-based, outcome-oriented thinker with strong professional skepticism and independence.
  • Executive presence & communication: able to distill complex tech risks into concise messages for EXCO/Audit Committee.
  • Collaboration & influence: builds trust with Technology and Product while holding firm on control requirements.
  • Learning agility: keeps pace with cloud-native architectures, platform engineering, AI/ML, and evolving threats.
  • Structured problem solver with strong root cause and issue prioritisation skills.
  • Ethical judgement and confidentiality aligned to IIA Code of Ethics.
  • Resilience under pressure; comfortable challenging senior stakeholders.
  • Excellent writing (findings, opinions, and board-level reporting).
  • Banks Act and SARB Prudential Authority supervisory expectations (incl. IT/cyber risk, outsourcing, operational resilience).
  • POPIA, FICA, NCA, Payments Association of SA rules, and relevant PCI DSS obligations.
  • Corporate governance via King V™ and alignment to the IIA Standards (IPPF).
Education and Experience
  • Bachelor’s degree in Information Systems, Computer Science, Engineering, Risk/Audit, or related field (required).
  • Professional certifications (one or more required): CISA (preferred), CIA (advantage), CISM/CRISC/CISSP, ISO 27001 Lead Auditor/Implementer (advantage).
  • Cloud security certifications (e.g., CCSP, AWS/Azure security specialty) advantageous.
  • Data & analytics: demonstrable SQL and/or Python skills; data privacy certification (e.g., CIPT) advantageous.
  • 8–10+ years total experience in IT audit, technology risk, cybersecurity, or related assurance.
  • 3–5+ years in a managerial/lead role.
  • Banking/fintech background essential; digital retail bank experience strongly preferred.
  • Led multiple audits across cloud, cybersecurity, digital channels, payments, core banking, data governance, and third‑party risk.
  • Experience interfacing with Audit Committees, regulators, and external auditors.

EMPLOYMENT EQUITY

The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.
