Associate/Senior Associate (12 months contract), IT Auditor (AI, Cybersecurity controls)

Introduction

Role Purpose: We are seeking an experienced IT Auditor on a contract basis to support the execution of risk-based technology, data, AI, and cybersecurity audits. The role is hands-on, execution-focused, and suited to a candidate who can work independently with minimal supervision.

Scope of Role: Audit assignments will vary depending on the annual audit plan and emerging risk priorities, and may include personal data protection, data governance and security, AI governance and security, application security, infrastructure, and network security.

Responsibilities

Audit Execution and Assurance

• Independently plan and execute risk‑based IT, data, AI, and cybersecurity audits across business processes, applications, platforms, and infrastructure.
• Support integrated and thematic audits that cut across business, data, technology, and security domains.
• Perform walkthroughs, control design reviews, and operating effectiveness testing.
• Identify control gaps, assess root causes, and evaluate residual and systemic risks.
• Develop clear, defensible audit workpapers in line with internal audit standards and professional practices.

Technology, Data and Security Risk Coverage

The role may include assessing controls and risks across the following areas:

• Personal Data & Privacy
  • Data lifecycle management (collection, use, disclosure, retention, disposal)
  • Data protection impact assessments (DPIAs)
  • Access controls, encryption, logging, and monitoring

• Data Governance & Security
  • Data governance and accountability frameworks
  • Data classification and secure handling
  • Data access governance across platforms
  • Data quality, lineage, and integrity
  • Data leakage prevention and monitoring
  • GenAI data governance, including training data controls and usage safeguards

• AI Governance & Application Security
  • AI governance, oversight, and use‑case lifecycle management
  • Security and technology risk controls over AI and GenAI systems
  • AI application security testing, including:
    • Review of model access controls, APIs, and integrations
    • Identification of risks such as prompt injection, data leakage, insecure model access, and third‑party dependency risks
  • Alignment with secure SDLC practices, architectural guardrails, and third‑party AI governance

• Infrastructure, Network & External Exposure Security
  • Network and wireless security
  • Host configuration, hardening, and patch management
  • Firewalls, segmentation, and security monitoring
  • Security reviews of corporate websites and externally exposed services

Reporting and Stakeholder Engagement

• Produce concise, management‑ready audit reports with practical, risk‑focused recommendations.
• Communicate complex technology, data, and AI risks in clear business terms.
• Work effectively with IT, data, security, and business stakeholders while maintaining auditor independence.
• Track remediation actions and validate closure of audit issues.

Requirements

• 3–5+ years experience in IT audit, technology risk, cybersecurity, or related roles.
• Strong hands‑on audit execution experience across data, AI, applications, and cybersecurity controls.
• Comfortable working in changing audit scopes and emerging risk areas.
• Familiarity with recognised frameworks (e.g. ISO 27001, NIST, data protection and security standards).
• Professional certifications (CISA, CISSP, CISM, CRISC, privacy or cloud certifications) preferred.
• Strong analytical skills, professional judgment, and written communication.