Summary
Overview
Work History
Education
Skills
Websites
Certification
Accomplishments
Interests
Drawing with Pencil
Timeline
Generic
Nico Prinsloo

Nico Prinsloo

Certified Information Systems Auditor
Pretoria

Summary

Results-driven Certified Information Systems Auditor (CISA), Certified Lead Auditor and Audit Manager with over 26 years of extensive IT industry experience, specializing in audit management, risk management, information security, and compliance. Expertise in developing and implementing quality management systems (QMS), information security management systems (ISMS), and service management systems (SMS) in alignment with ISO standards. Proven track record in managing audit programs, resolving non-conformities, and driving continuous improvement initiatives that enhance compliance, operational efficiency, and customer satisfaction. Seeking a senior audit management, lead auditor, or information security role to leverage skills in optimizing compliance strategies and processes for organizational success.

Overview

26
26
years of professional experience
17
17
Certificates
2
2
Languages

Work History

Certified Information Systems Auditor (CISA)

Kyndryl
04.2010 - Current
  • Perform 3rd party Internal Audits.
  • Cybersecurity lead for Kyndryl South Africa’s Provident fund (separate set of R&Rs)
  • Assist other Kyndryl sites in building compliant ISO27001:2022, ISO9001:2015 and ISO20000:2018 Management Systems
  • Audit key aspects of Information Systems including, but not limited to; Human Resources, Physical Security, Facility Management, IT and IT Security, Asset Management, Digital Workplace Services, Cloud services, Business continuity, Service Availability and Disaster Recovery, Project Management, Demand Management, Configuration Management, Capacity Management (human and IT tech), Contracts and Service Level Agreements.
  • Identify and mitigate risk by designing and implementing a new Continuous Self-Assessment Risk Management Process
  • Manage the Audit Team during internal and external audits.
  • Design audit plans that are aligned with risk profile & strategic objectives in order to execute effective risk-based audits.
  • Create and negotiate annual audit plan with senior management.
  • Responsible for the planning and execution Internal and External audits for ISO27001:2022, ISO9001:2015 and ISO20000:2018
  • Through Risk Assessment, proactively identify areas of security risks within the practice and the services we utilize and provide remediation recommendations where appropriate.
  • General quality assurance for audit assignments
  • Guidance during the performance of ad-hoc audit requests.
  • Audit Service Management processes including Incident, Problem, Change, Service Request, Capacity, Asset, Configuration and Business Continuity Management.
  • Provide overall coordination of specialist audit teams during internal/external audits for all ISO
  • Standards.
  • Provide guidance as to the practical implementation of the risk management methodology.
  • Drafting Audit Non-Conformance reports and Follow-up previous audit NC, observations and opportunities for improvement
  • Manage all facets of the Enterprise Risk Management Process for this location including hosting Review Board meetings (new risk and quarterly updates to register), tracking control status, designing new controls for new and existing risks, track risk status, market research for industry related risk and risks related to audit non-conformance.
  • Timely communication with senior management about changes to audit plans and audit scope
  • Host audit post-mortem meeting with senior management.
  • Regular discussions with senior management regarding focus areas, progress with strategies and risks
  • Liaise with external auditors, risk management, Kyndryl global program managers, Kyndryl compliance to ensure assurance provision is optimised.
  • Perform skills development training and coaching.
  • Lead stakeholder engagements (internal and external)
  • Provide input methodology & other best practices by performing the necessary research & maintaining topical knowledge.
  • Relationship management with external suppliers & business units to improve audit participation & overall compliance posture.
  • Member of Kyndryl Global Risk and Compliance Team (CTRAC)
  • Facilitated internal audits and prepared detailed reports on findings.
  • Improved client relations by maintaining open lines of communication and addressing concerns promptly.
  • Managed a team of auditors, ensuring accurate and timely completion of audit projects.
  • Provided valuable insights to senior management on potential business risks identified during audits.
  • Consistently met deadlines for audit reports, helping maintain company reputation for reliability and professionalism.
  • Implemented risk-based auditing strategies, resulting in better identification of potential issues.
  • Evaluated effectiveness of internal controls by testing key controls across various business units within the organization.
  • Mentored junior auditors, aiding in their professional development and fostering a positive work environment.
  • Developed comprehensive audit plans outlining scope, goals, timelines, and resource requirements for each project.
  • Coordinated, managed and implemented auditing projects and prepared for evaluation.
  • Collaborated with management to develop actionable recommendations for improving internal controls and processes.
  • Led cross-functional teams in complex audits, ensuring seamless collaboration between departments.
  • Enhanced audit efficiency by streamlining processes and implementing new auditing software.
  • Developed high-level knowledge of client business goals, policies, and procedures to establish foundation for targeted problem solutions.
  • Strengthened stakeholder relationships by presenting clear findings from completed audits along with suggested improvements.
  • Negotiated with clients to define audit scopes and objectives, ensuring clear expectations and deliverables.
  • Strengthened stakeholder confidence with comprehensive risk assessment strategies.
  • Led team of junior auditors, fostering their professional growth and ensuring high standards of audit performance.
  • Prepared working papers, reports and supporting documentation for audit findings.
  • Achieved significant reductions in non-compliance issues by introducing robust audit methodologies.
  • Collaborated with external auditors to provide accurate information needed for successful annual audits.
  • Ensured compliance with industry regulations by conducting regular reviews of company policies and procedures.
  • Developed and maintained productive relationships with clients to facilitate smooth audit processes and ensure compliance.
  • Ensured regulatory compliance by staying up-to-date with industry standards and adjusting audit practices accordingly.
  • Maintained professional knowledge by attending industry conferences, participating in training sessions, and staying current on emerging trends in information systems auditing.
  • Promoted continuous improvement within the organization through ongoing evaluation of policies, procedures, and technology implementations against best practices in information systems auditing.
  • Collaborated with IT teams to address identified risks and implement appropriate mitigation strategies.
  • Reviewed incident reports thoroughly, taking corrective actions where necessary to improve overall security performance.
  • Coordinated with other departments to develop effective communication channels during emergencies, enhancing organizational readiness and resilience.
  • Monitored daily operations, identifying potential vulnerabilities and addressing them proactively to prevent breaches or incidents.
  • Streamlined emergency response protocols, resulting in faster reaction times during crisis situations.
  • Monitored and approved access control systems for accessibility to authorized personnel.

Audit Manager, Lead Information Systems Auditor

IBM
04.2010 - 08.2021
  • Company Overview: IBM, Johannesburg, Gauteng
  • Identify and mitigate risk analysis to the business.
  • Design audit plan that is aligned with risk profile & strategic objectives
  • Negotiate annual audit plan with senior management
  • Create and implement annual audit plan
  • Staff scheduling and management during internal & external audits
  • Proactively identify areas of security risks within the practice and the services we utilize and provide remediation recommendations where appropriate
  • Approve audit programmes
  • General quality assurance on audit assignments
  • Guidance during the performance of ad-hoc audit requests.
  • Provide overall coordination of specialist audit teams during internal/external audits for all ISO
  • Standards
  • Provide guidance as to the practical implementation of the risk management methodology
  • Rating of audit findings obtain management comments on audit findings.
  • Drafting Audit Non-Conformance reports
  • Attend risk Committee meetings on audit findings.
  • Timely communication with senior management about changes to audit plans
  • Follow-up previous audit observations.
  • Highlight significant issues during audit post-mortem meeting.
  • Regular discussions with senior management regarding focus areas, progress with strategies and risks
  • Liaise with external auditors, risk management, IBM global program managers, IBM compliance to ensure assurance provision is optimised.
  • Perform skills development and coaching.
  • Lead stakeholder engagements (internal and external)
  • Provide input methodology & other best practices by performing the necessary research & maintaining topical knowledge
  • Relationship management with external suppliers & business units to improve audit participation & overall compliance posture
  • IBM, Johannesburg, Gauteng

Education

High School Diploma - Science, Maths, Biology, Geography, English, Afrikaans

Belfast Highschool

Some College (No Degree) - Introduction to Psychology

University of Toronto

Skills

Audit Managing

Team leadership

Data analysis

Process implementation

Quality Management

Information security

Process Behaviour Analysis

Lean Six Sigma

ISO certified

Process Improvement

MS Office Suite

Project Management

Root Cause Analysis

Risk management

Internal Auditing

Process development and implementation

ISO 27001:2022 Compliance

Document Control and Compliance

Service Management Systems (SMS)

Business Continuity and Disaster Recovery

Quality Management Systems (QMS)

Data and Process Behavior Analysis

Stakeholder Engagement

Training and Mentorship

Certified Information Systems Auditor (CISA)

ISO 27001 Lead Auditor

ISO 9001 Lead Auditor

ISO 20000 Lead Auditor

ITSM

Vulnerability assessment

IT asset management

Identity and Access management

Threat intelligence

Security awareness training

Incident management

Security information and event management

Log analysis

Internal controls

Compliance management

Patch management

IT governance

Configuration management

Security incident response

Continuous monitoring

Cybersecurity frameworks

Business continuity planning

Teamwork and collaboration

Problem-solving

Team management

Time management

Problem-solving abilities

Multitasking

Excellent communication

Decision-making

Team building and leadership

Documentation and reports

Data collection

Verbal and written communication

Adaptability and flexibility

Critical thinking

Audit planning

Active listening

Organizational skills

Clear communication

Analytical thinking

Employee motivation

Websites

Certification

The Complete OSINT Training Program for beginners

Accomplishments

  • Designed new compliance check and verification software.
  • Recognized Champion Learner (top 5% of all employees).
  • Created a new Risk Management Process based on Continuous Self-Assessment.
  • Completed 100 hours of education in 2020, 2021 and 2022.
  • Achieved an 80% improvement in overall process compliance posture.
  • Reduced the number of overdue SLA impacting incidents by 90%.
  • Improved Customer Satisfaction for various IBM and Kyndryl supported customers by between 35 & 55%.
  • Achieved 96% reduction in process related failed changes.
  • Received 15 Managers choice awards over the past 3 years.
  • Implemented new ISO27001:2013 Information Security Management System.

Interests

Software Development

Cybersecurity

Drawing with Pencil

I draw with Graphite pencils. I love drawing faces with character.

Timeline

Certified Information Systems Auditor (CISA)

Kyndryl
04.2010 - Current

Audit Manager, Lead Information Systems Auditor

IBM
04.2010 - 08.2021

Some College (No Degree) - Introduction to Psychology

University of Toronto

High School Diploma - Science, Maths, Biology, Geography, English, Afrikaans

Belfast Highschool

Similar Profiles

CREATE PROFILE
Nico PrinslooCertified Information Systems Auditor