Software Development
Nico Prinsloo
Certified Information Systems Auditor
Pretoria
Summary
Results-driven Certified Information Systems Auditor (CISA), Certified Lead Auditor and Audit Manager with over 26 years of extensive IT industry experience, specializing in audit management, risk management, information security, and compliance. Expertise in developing and implementing quality management systems (QMS), information security management systems (ISMS), and service management systems (SMS) in alignment with ISO standards. Proven track record in managing audit programs, resolving non-conformities, and driving continuous improvement initiatives that enhance compliance, operational efficiency, and customer satisfaction. Seeking a senior audit management, lead auditor, or information security role to leverage skills in optimizing compliance strategies and processes for organizational success.
Overview
26
26
years of professional experience
17
17
Certificates
2
2
Languages
Work History
Certified Information Systems Auditor (CISA)
Kyndryl
04.2010 - Current
- Perform 3rd party Internal Audits.
- Cybersecurity lead for Kyndryl South Africa’s Provident fund (separate set of R&Rs)
- Assist other Kyndryl sites in building compliant ISO27001:2022, ISO9001:2015 and ISO20000:2018 Management Systems
- Audit key aspects of Information Systems including, but not limited to; Human Resources, Physical Security, Facility Management, IT and IT Security, Asset Management, Digital Workplace Services, Cloud services, Business continuity, Service Availability and Disaster Recovery, Project Management, Demand Management, Configuration Management, Capacity Management (human and IT tech), Contracts and Service Level Agreements.
- Identify and mitigate risk by designing and implementing a new Continuous Self-Assessment Risk Management Process
- Manage the Audit Team during internal and external audits.
- Design audit plans that are aligned with risk profile & strategic objectives in order to execute effective risk-based audits.
- Create and negotiate annual audit plan with senior management.
- Responsible for the planning and execution Internal and External audits for ISO27001:2022, ISO9001:2015 and ISO20000:2018
- Through Risk Assessment, proactively identify areas of security risks within the practice and the services we utilize and provide remediation recommendations where appropriate.
- General quality assurance for audit assignments
- Guidance during the performance of ad-hoc audit requests.
- Audit Service Management processes including Incident, Problem, Change, Service Request, Capacity, Asset, Configuration and Business Continuity Management.
- Provide overall coordination of specialist audit teams during internal/external audits for all ISO
- Standards.
- Provide guidance as to the practical implementation of the risk management methodology.
- Drafting Audit Non-Conformance reports and Follow-up previous audit NC, observations and opportunities for improvement
- Manage all facets of the Enterprise Risk Management Process for this location including hosting Review Board meetings (new risk and quarterly updates to register), tracking control status, designing new controls for new and existing risks, track risk status, market research for industry related risk and risks related to audit non-conformance.
- Timely communication with senior management about changes to audit plans and audit scope
- Host audit post-mortem meeting with senior management.
- Regular discussions with senior management regarding focus areas, progress with strategies and risks
- Liaise with external auditors, risk management, Kyndryl global program managers, Kyndryl compliance to ensure assurance provision is optimised.
- Perform skills development training and coaching.
- Lead stakeholder engagements (internal and external)
- Provide input methodology & other best practices by performing the necessary research & maintaining topical knowledge.
- Relationship management with external suppliers & business units to improve audit participation & overall compliance posture.
- Member of Kyndryl Global Risk and Compliance Team (CTRAC)
- Facilitated internal audits and prepared detailed reports on findings.
- Improved client relations by maintaining open lines of communication and addressing concerns promptly.
- Managed a team of auditors, ensuring accurate and timely completion of audit projects.
- Provided valuable insights to senior management on potential business risks identified during audits.
- Consistently met deadlines for audit reports, helping maintain company reputation for reliability and professionalism.
- Implemented risk-based auditing strategies, resulting in better identification of potential issues.
- Evaluated effectiveness of internal controls by testing key controls across various business units within the organization.
- Mentored junior auditors, aiding in their professional development and fostering a positive work environment.
- Developed comprehensive audit plans outlining scope, goals, timelines, and resource requirements for each project.
- Coordinated, managed and implemented auditing projects and prepared for evaluation.
- Collaborated with management to develop actionable recommendations for improving internal controls and processes.
- Led cross-functional teams in complex audits, ensuring seamless collaboration between departments.
- Enhanced audit efficiency by streamlining processes and implementing new auditing software.
- Developed high-level knowledge of client business goals, policies, and procedures to establish foundation for targeted problem solutions.
- Strengthened stakeholder relationships by presenting clear findings from completed audits along with suggested improvements.
- Negotiated with clients to define audit scopes and objectives, ensuring clear expectations and deliverables.
- Strengthened stakeholder confidence with comprehensive risk assessment strategies.
- Led team of junior auditors, fostering their professional growth and ensuring high standards of audit performance.
- Prepared working papers, reports and supporting documentation for audit findings.
- Achieved significant reductions in non-compliance issues by introducing robust audit methodologies.
- Collaborated with external auditors to provide accurate information needed for successful annual audits.
- Ensured compliance with industry regulations by conducting regular reviews of company policies and procedures.
- Developed and maintained productive relationships with clients to facilitate smooth audit processes and ensure compliance.
- Ensured regulatory compliance by staying up-to-date with industry standards and adjusting audit practices accordingly.
- Maintained professional knowledge by attending industry conferences, participating in training sessions, and staying current on emerging trends in information systems auditing.
- Promoted continuous improvement within the organization through ongoing evaluation of policies, procedures, and technology implementations against best practices in information systems auditing.
- Collaborated with IT teams to address identified risks and implement appropriate mitigation strategies.
- Reviewed incident reports thoroughly, taking corrective actions where necessary to improve overall security performance.
- Coordinated with other departments to develop effective communication channels during emergencies, enhancing organizational readiness and resilience.
- Monitored daily operations, identifying potential vulnerabilities and addressing them proactively to prevent breaches or incidents.
- Streamlined emergency response protocols, resulting in faster reaction times during crisis situations.
- Monitored and approved access control systems for accessibility to authorized personnel.
Audit Manager, Lead Information Systems Auditor
IBM
04.2010 - 08.2021
- Company Overview: IBM, Johannesburg, Gauteng
- Identify and mitigate risk analysis to the business.
- Design audit plan that is aligned with risk profile & strategic objectives
- Negotiate annual audit plan with senior management
- Create and implement annual audit plan
- Staff scheduling and management during internal & external audits
- Proactively identify areas of security risks within the practice and the services we utilize and provide remediation recommendations where appropriate
- Approve audit programmes
- General quality assurance on audit assignments
- Guidance during the performance of ad-hoc audit requests.
- Provide overall coordination of specialist audit teams during internal/external audits for all ISO
- Standards
- Provide guidance as to the practical implementation of the risk management methodology
- Rating of audit findings obtain management comments on audit findings.
- Drafting Audit Non-Conformance reports
- Attend risk Committee meetings on audit findings.
- Timely communication with senior management about changes to audit plans
- Follow-up previous audit observations.
- Highlight significant issues during audit post-mortem meeting.
- Regular discussions with senior management regarding focus areas, progress with strategies and risks
- Liaise with external auditors, risk management, IBM global program managers, IBM compliance to ensure assurance provision is optimised.
- Perform skills development and coaching.
- Lead stakeholder engagements (internal and external)
- Provide input methodology & other best practices by performing the necessary research & maintaining topical knowledge
- Relationship management with external suppliers & business units to improve audit participation & overall compliance posture
- IBM, Johannesburg, Gauteng
Education
High School Diploma - Science, Maths, Biology, Geography, English, Afrikaans
Belfast Highschool
Some College (No Degree) - Introduction to Psychology
University of Toronto
Skills
Audit Managing
Certification
The Complete OSINT Training Program for beginners
Accomplishments
- Designed new compliance check and verification software.
- Recognized Champion Learner (top 5% of all employees).
- Created a new Risk Management Process based on Continuous Self-Assessment.
- Completed 100 hours of education in 2020, 2021 and 2022.
- Achieved an 80% improvement in overall process compliance posture.
- Reduced the number of overdue SLA impacting incidents by 90%.
- Improved Customer Satisfaction for various IBM and Kyndryl supported customers by between 35 & 55%.
- Achieved 96% reduction in process related failed changes.
- Received 15 Managers choice awards over the past 3 years.
- Implemented new ISO27001:2013 Information Security Management System.
Interests
Cybersecurity
Drawing with Pencil
I draw with Graphite pencils. I love drawing faces with character.
Timeline
Certified Information Systems Auditor (CISA)
Kyndryl
04.2010 - Current
Audit Manager, Lead Information Systems Auditor
IBM
04.2010 - 08.2021
Some College (No Degree) - Introduction to Psychology
University of Toronto
High School Diploma - Science, Maths, Biology, Geography, English, Afrikaans
Belfast Highschool
Similar Profiles
Shikha SethShikha Seth
Program Manager - Onboarding of Accounts in AIOPS at KyndrylProgram Manager - Onboarding of Accounts in AIOPS at Kyndryl
Douglas PaigeDouglas Paige
Data Management Associate at KyndrylData Management Associate at Kyndryl
Nelson Raj JNelson Raj J
Associate Data Analyst at KyndrylAssociate Data Analyst at Kyndryl
FABIO MENDES ANGELOFABIO MENDES ANGELO
IT Specialist at KyndrylIT Specialist at Kyndryl
Pieter CoetzeePieter Coetzee
Senior Sales Executive at QuirknetSenior Sales Executive at Quirknet