It jobs in Spain

About Discovery

Discovery's core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating to not only achieve financial success, but to ignite positive and meaningful change within our society.

Group Internal Audit provides independent, objective assurance and advisory services designed to add value and improve the organisation's operations. GIA helps the Board and Executive Management protect organisational value by assessing the effectiveness of governance, risk management, and internal controls across the Group (including subsidiaries, shared services, and outsourced/third-party arrangements).

Internal audit falls part of Group Finance, they are responsible for compiling internal audits throughout Discovery (excluding Discovery Bank). They perform planning, fieldwork and reporting on their audits. At the conclusion of an audit, the provide their findings to the Executive within the area.

The Senior IT Auditor is responsible for delivering high-quality, risk-based IT audit engagements across the organisation. This role performs detailed assessments of IT general controls, application controls, cybersecurity processes, and technology-related risks. The Senior IT Auditor leads parts of engagements, conducts complex testing, evaluates control design and effectiveness, and identifies root causes of issues. They prepare clear, concise audit findings and work closely with stakeholders to validate results and agree practical remediation actions. The role also provides guidance to junior auditors, supports audit planning through risk assessment, and contributes to continuous improvement of audit methodology, data analytics, and assurance practices. Ultimately, the Senior IT Auditor helps strengthen the organisation's control environment by providing objective assurance over technology risks and controls through effective stakeholder engagement and people leadership.

• Assist Audit Management in responding to management and stakeholder queries.
• Build and maintain effective working relationships with Discovery companies and other assurance providers, including:
• Discovery Limited Invest, Life, Corporate and Employee Benefits, Insure, Health, Vitality RSA and Vitality Group International
• External Audit and other Assurance Providers
• Facilitate the maintenance of IT risk profiles, including both inherent and residual risk views.
• Challenge risk management information received from the business by value-add input on opportunities to strengthen IT risk management processes and controls.

Demonstrates strong technical knowledge and practical application in the following areas (refer to "Essential Knowledge & Experience" section below for minimum years of experience in the above areas):

• IT General Controls ("ITGC") reviews
• Application control reviews
• Data governance and IT governance frameworks
• IT infrastructure and technical environments, including databases and operating systems
• Cybersecurity and information security
• Computer Assisted Audit Techniques ("CAATs") and data analytics
• Keeps abreast of emerging technology, cyber risks, and industry trends and actively contributes to the enhancement of audit methodology and audit approaches

• Ensure audits are planned and performed in accordance with the approved Internal Audit Methodology.
• Obtain input from Audit Management regarding key risks associated with each audit topic.
• Ensure all significant risks are appropriately addressed for each audit engagement.
• Liaise with Group Risk, Compliance, and Forensics to identify issues impacting audit scope or execution.
• Define the purpose, scope, and audit approach for assigned audits.
• Draft engagement letters for Management review.
• Assist Audit Management in determining the scope of IT Audit assignments.
• Prepare engagement letters for review and approval by Audit Management.
• Prepare and/or review Audit Planning Memoranda ("APMs").

• Prepare and/or review system descriptions, walkthroughs, and process flow diagrams, raising review notes where required.
• Prepare and/or review Risk and Control Matrices ("RACMs") and address review notes.
• Prepare and/or review audit test procedures and obtain approval for any changes to RACMs, testing procedures, or sample sizes.
• Perform audit testing and document working papers using approved Audit Software.
• Review working papers prepared by IT Auditors and raise review notes as appropriate.

• Draft audit reports for Management review.
• Review draft audit findings and observations.
• Forward draft observations to business stakeholders for comment and management responses.
• Prepare executive summaries, including overall audit opinions/ratings and management commentary.
• Perform ad-hoc reporting as required by Audit Management.

• Prepare and/or review the Audit Finalisation Checklist at the conclusion of audits.
• Provide continuous feedback to Audit Management throughout planning, execution, and reporting phases.
• Maintain ultimate accountability for the quality, completeness, and accuracy of audit files.

• Provide close day-to-day supervision of IT Auditors and auditors' work progress.
• Monitor the quality of audit work and implement corrective action where required.
• Provide on-the-job training, coaching, and supervision to ensure audit objectives are met and adequate coverage is achieved.
• Provide regular (at least weekly) progress updates to Audit Management.
• Track audit budgets and timesheets weekly and submit to Audit Management.
• Escalate risks, delays, or challenges timeously where deadlines may not be achieved or feedback is outstanding.
• Immediately advise Audit Management of any significant audit issues or impediments.
• Proactively take on additional responsibilities as requested by the Audit Manager.
• Provide meaningful input and monitor the effective and timely implementation of management actions addressing control weaknesses identified through audits, risk events, risk profiling, and Control Self-Assessments ("CSAs").

• Follow up on outstanding audit findings and management action plans.
• Prepare and submit follow-up progress reports for Risk Committees and Audit Committees where required.

• Drive self-development through studying, attending training courses, and professional chapter meetings.
• Complete mini-appraisals and performance feedback processes as required.
• Manage day-to-day activities of assigned audit staff, consultants, and contractors.
• Support the development of audit staff to enhance competence, capacity, and delivery of the department.
• Monitor staff productivity through timesheets and cost recovery processes.
• Review feedback received from management on auditor performance.
• Prepare and provide performance feedback and appraisal input for IT Auditors across assigned audits.

• Stay up to date with developments in the Internal Audit profession and relevant industries.
• Contribute to the ongoing development and enhancement of audit methodology.
• Travel when required to support audit engagements.

• Bachelor's Degree or equivalent relevant qualification

(Computer Science, Computer Auditing, Information Systems, or Auditing as majors)

• One or more professional certifications required:

CIA, CISA, CISM, CRISC, CGIT

• Minimum of 5 years' IT audit experience
• Broad IT audit exposure covering business processes, systems analysis, and application development
• Industry experience within Financial Services, Insurance, or Medical Scheme sectors

• IT General Control reviews - minimum 5 years
• Application Control reviews - minimum 5 years
• Data and IT governance - minimum 2 years
• IT infrastructure technical reviews (databases & operating systems) - minimum 2 years
• Cybersecurity and information security - minimum 2 years
• CAATs / Data analytics
• Experience managing a team - minimum 2 years

The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.