johancvjuly2015

Upload: johan-van-zyl

Post on 17-Aug-2015

Page 1: JohanCVJuly2015

CURRICULUM VITAE: Johan van Zyl

A. GENERAL INFORMATION

Physical address 15 Lightning Shot, Mooikloof 0059

Postal address P.O. Box 92154, Mooikloof, 0059

Work tel. no (012) 671 8914

Work fax no. (012) 671 8180

Home no. (012) 996 0128

Cell phone no. 083 326 7767

B. PERSONAL DETAIL

Full name Johan

Surname van Zyl

Nationality South African Citizen

Home language Afrikaans

Other languages English

C. ACADEMIC QUALIFICATIONS

Pretoria Technikon 1987 – 1992

1987 – 1992: National Diploma: Computer Data Processing

Major subjects: Computer Business Programming, Information Systems

D. OTHER QUALIFICATIONS

Professional Qualifications

1996: ISACA

2004: ITIL Foundation

2005: ITIL Configuration, Release and Change Management

2005: Management Development Program, GIBS

2009: Senior Leadership Development Program, USB. Winner: Group project assignment

Other Qualifications/Courses

1994 to 1996 Various IT Audit courses at CBS Training: Auditing Networks, Auditing MVS and Auditing AS400

1997 to 1998 Various IT courses at ABSA Training: Control Self Assessment, Auditing Y2K,

1998 to 2004 Auditing MVS; Introduction to MQ, Introduction to DB2

2006 ITIL: Service Delivery and Operations Manager course.

Johan van Zyl 1 04/18/23

E. PREVIOUS EXPERIENCE (most recent position first)

MMI Group

Physical address Momentum, 268 West Avenue, Centurion

MMI: IT Audit Specialist – 01 March 2013 to present.

Work force: 1 CAE, 1 X Head of Audit: IT, 1 X IT Audit Manager, 7 X IT Auditors.

Support: 7 Heads of Audit and 5 audit managers and 3 audit specialists

Customer base:

Momentum Retail, Momentum Employer Benefits, MMI Balance Sheet Management, Group Support Services, Momentum Investments, MMSA Health, Metropolitan Retail, Metropolitan International and I&O (Information Technology and Operations).

Duties

Main duties 1. Identify high risk areas, plan and scope audits – continuously

2. Apply sound IT audit methodology – including integrated audit approach

3. Ensure compliance with MMI GIA methodology and working papers, including audit execution

4. Develop and provide input in respect of new procedures or system

5. Customer relationship with IT Heads and Business Executives (C-level)

6. Research new trends in IT and emerging risks

7. Feedback to CAE and Heads of Audit on strategic initiatives within customer base

Identify high risk areas, plan and scope audits

Once a year, high-level overall planning for the next financial year's audits is done. Input provided for IT related audits to be executed.

The plan is continuously monitored for changes – risk and customer request. Updated quarterly.

Individual audits are assigned to the best potential resource available from team.

Confirm audit scope and timing with business management.

Manage deviations from the plan and scope of the audit.

Apply sound IT audit methodology – including integrated audit approach

Requires understanding of business environment to determine best audit approach.

This may require that methodology/approach be adapted to the specific requirement of the business.

The usage of integrated audits for the specific environment is investigated and identified.

Identify and use acceptable audit frameworks that support the audit methodology.

Develop and maintain audit methodology in alignment with best practices.

Ensure compliance with MMI GIA methodology and working papers, including audit execution

Ensure that MMI GIA methodologies are used.

Use Teammate as audit tool for the planning and execution of planned audits.

Ensure that audit working papers are used.

Ensure that audit work is done according to MMI GIA standards and that work performed can be relied upon by external audit.

Perform audits at strategic level to ensure that overall functions can be relied on during the execution of detailed audits – used as guidance for other audits.

Develop and provide input in respect of new procedures or system.

Provide Audit management team and auditors overview of the usage of different IT audit disciplines on audits.

Identify new development methodologies used in Momentum and develop audit programs accordingly.

Identify areas of improvement on audits and implement relevant improvement.

Provide support for integrated audits performed.

Customer relationship with IT Heads and business executives

Manage relationship with the different IT managers within Customer base.

Manage and maintain relationship with IT Risk manager for MMI.

Obtain and review strategic and operational plans to identify relevant information required for the Audit universe used during the audit planning process.

Attended the risk and audit forums to discuss IT related risks and/or concerns.

Research new trends in IT

Perform research on new trends on IT and the impact on MMI I&O environment.

Provide support and training to the technical audit teams for the identification of risk and audit programs.

Provide feedback at IT Steercoms regarding risks and related matters on the new trends.

Attended the risk and audit forums to discuss IT related risks and/or concerns, including emerging risks.

Assist the IT Risk Manager and IT Governance manager with risk identification and management, including the drafting of relevant policies.

Attend related IT forums, seminars and workshops to stay informed on topics of interest in the current IT domain, including GRC.

Feedback to CAE and Heads of Audit on strategic initiatives within customer base

Identify new strategy initiatives within the business units and provide feedback to CAE and Heads of Audit.

Identify potential impacts on the audit plan and make recommendations on changes.

Assist with the alignment of Audit department to the new strategy.

Identify risk areas that may require focus from audit.

Feedback on the various IT forums, seminars and workshops attended for better understanding of the direction of the IT.

FirstRand/MMI Group

01 September 2009 to 30 June 2013 (Momentum unbundled from FirstRand to form MMI Group with Metropolitan)

Physical address Momentum, 268 West Avenue, Centurion

Manager: IT Audit.

Work force: 1 CAE, 2 X ACR Auditors, 1 X PM Auditors and 1 X CAATS auditors.

Support: 3 X Audit managers and 10 X auditors (Business/Financial auditors)

Customer base:

Momentum Retail, Momentum Employer Benefits, MMI Balance Sheet Management, Group Support Services excluding HR, MMI IT North.

Duties

Main duties 8. Identify high risk areas, plan and scope audits – continuously

9. Apply sound IT audit methodology – including integrated audit approach

10. Ensure compliance with MMI GIA methodology and working papers

11. Develop and provide input in respect of new procedures or system

12. Customer relationship with IT managers

13. Research new trend in IT

Identify high risk areas, plan and scope audits

Once a year, high-level overall planning for the next financial year's audits is done. Input provided for IT related audits to be executed.

The plan is continuously monitored for changes – risk and customer request. Updated quarterly.

Individual audits are assigned to the best potential resource available from team.

Confirm audit scope and timing with business management.

Manage deviations from the plan and scope of the audit.

Apply sound IT audit methodology – including integrated audit approach

Requires understanding of business environment to determine best audit approach.

This may require that methodology/approach be adapted to the specific requirement of the business.

The usage of integrated audits for the specific environment is investigated and identified.

Identify and use acceptable audit frameworks that support the audit methodology.

Develop and maintain audit methodology in alignment with best practices.

Ensure compliance with FRGIA methodology and working papers

Ensure that MMI GIA methodologies are used.

Use Teammate as audit tool for the planning and execution of planned audits.

Ensure that audit working papers are used.

Ensure that audit work is done according to MMI GIA standards and that work performed can be relied upon by external audit.

Develop and provide input in respect of new procedures or system.

Provide Audit management team and auditors overview of the usage of different IT audit disciplines on audits.

Identify new development methodologies used in Momentum and develop audit programs accordingly.

Identify areas of improvement on audits and implement relevant improvement.

Provide support for integrated audits performed.

Customer relationship with IT managers

Manage relationship with the different IT managers within Customer base.

Manage and maintain relationship with IT Risk manager for MMI.

Obtain and review strategic and operational plans to identify relevant information required for the Audit universe used during the audit planning process.

Attended the risk and audit forums to discuss IT related risks and/or concerns.

FirstRand Internal Audit: Momentum: ACR Auditor – 01 October 2007 to 31 August 2009

Work force: 1 Senior Manager, 1 Manager, 14 ACR Auditors (GIA audit team)

Customer base: Momentum: Wealth, Sales, Retail, Group Benefits, Health, New Markets and Financial and Actuarial Services.

Duties

Main duties 1. Plan and scope audits

2. Identify risks, management's objectives and controls

3. Execute planned audits

4. Support other ACR auditors with Momentum systems

5. Customer relationship with IT managers

Plan and scope audits

Once a year, the overall planning for the next financial year's audits is done. Input provided for IT related audits to be executed.

Plan and scope individual audits as per audit plan.

Confirm audit scope and timing with business management.

Manage deviations from the plan and scope of the audit.

Identify risk, management's objectives and controls

Risk-based audit approach is used.

Management objectives are identified.

Risks are identified and rated.

Mitigating controls are identified.

Execute planned audits.

Audit plans are created in accordance with the controls identified.

Audits are executed according to the agreed audit plans.

Write and complete audit reports.

Support other ACR auditors with Momentum systems.

Assist with identifying risks and controls in applications.

Assist with the execution of the audit when required.

Perform peer reviews of audits performed on Teammate.

Customer relationship with IT managers

Manage relationship with the different IT managers within Momentum – Each Business Unit has its own IT department with IT manager.

Manage relationship with IT Risk Manager.

Provide the Audit universe used during the audit planning process.

Attended the risk and audit forums to discuss IT related risks and/or concerns.

Momentum: Position 4 Snr IT Auditor – January 2007 till 01 October 2007

Work force: 1 Senior Manager, 1 Manager, 6 Internal Auditors

Customer base: Information Technology Support services (ITSS), Wealth, Sales, Retail, Health, New Markets and Financial and Actuarial Services.

Duties

Main duties 1. Plan and scope ACR audits

2. Identify risks, management's objectives and controls

3. Execute planned ACR audits

4. Support business auditors with Integrated audits (ACRs)

5. Performed SDLC reviews

6. Performed GCR reviews

7. Performed and assisted with CAATS (IDEA)

8. General IT support and training for team members

9. Customer relationship with IT managers

Plan and scope ACR audits

Once a year, the overall planning for the next financial year's audits is done. Input provided for IT related audits to be executed.

Plan and scope individual audits as per audit plan.

Confirm audit scope and timing with business management.

Manage deviations from the plan and scope of the audit.

Identify risk, management's objectives and controls

Risk-based audit approach is used.

Management objectives are identified.

Risks are identified and rated.

Mitigating controls are identified.

Execute planned ACR audits.

Audit plans are created in accordance with the controls identified.

Audits are executed according to the agreed audit plans.

Write and complete audit reports.

Support business auditors with Integrated audits

Assist with the up-skill of business auditors to perform ACR reviews.

Assist with identifying risks and controls in applications.

Assist with the execution of the audit where technical information is required.

Assist with obtaining data for the execution of CAATS.

Assist with the execution of CAATS.

Performed integrated audits within the Health environment.

Performed SDLC reviews

Reviewed high risk projects within the Wealth environment

Planned and scoped the review

Identified high risk areas for the projects

Management objectives are identified.

Created audit plans according to the risks identified.

Executed the audit plan

Write and complete audit report.

Performed GCR reviews

Planned and scoped the reviews

Identified high risk areas for the projects

Management objectives are identified.

Created audit plans according to the risks identified.

Executed the audit plan

Write and complete audit report.

Performed and assisted with CAATS

Performed CAATS as and when required on ACR audits.

Assist with obtaining data for the execution of CAATS.

Assist with the execution of CAATS.

Provided the information to the relevant Business/Financial auditors for follow-up

General IT support and training for team members.

Assist with the procurement of IT hardware for the department.

Assist with the evaluation and procurement of IT software for the department.

Assist with the training of staff members in IT skills and concepts.

Customer relationship with IT managers

Manage relationship with the different IT managers within Momentum – Each Business Unit has an IT department with IT manager.

Manage and maintain relationship with IT Risk Manager.

Create and maintain the Audit universe – used during the audit planning process.

Attended the daily ITSS incident/management feedback session.

Attended the risk and audit forums to discuss IT related risks and/or concerns.

Nedcor: Position 3 Manager: IT Change Management: Transaction Processing - January 2003 to December 2006

Work force: 4 Managers, 2 Admin staff members

Customer base: Various staff members requesting changes in Production

Duties

Main duties 1. Manage and approval of change requests.

2. Risk management of change request

3. Process management: Change and Risk process, general process consultation

4. Compliance representative (including FAIS & FICA)

5. Risk Management – Audits, Incident risks, legal incidents

Manage and Approval of change requests

Number of changes: 50 per week.

Verify completeness of change request with regards to implementation, back-out and post-implementation testing

Confirm change impact and risk to the organization.

Verify approvals and approve/decline request based on overview of request.

Communicate change status or request additional information/improvements to change request.

Attend meeting to discuss and provide input of major releases.

Risk management of change request

Number of changes: Average 120 per week.

Provide baseline criteria for the quantification of risk and impact of change request.

Risk and Impact matrix for production system.

Review and advise on overall risk status for deployment period

Support unit with risk management of change requests.

Risk, Compliance and Audit management and administration

Ensure compliance to legislation and associated regulations for IT Change, Release and Configuration Management in conjunction with Group IT Compliance

Audit administration for IT Change, Release and Configuration Management

Ensure Risk management for IT Change, Release and Configuration Management

Awards Internal Award for Dedication – 2004

Internal Award for Dedication – 2005

Reasons to end duties Contacted by Audit Manager from Momentum and offered a position to assist with IT audits and create an integrated audit approach between business/financial and IT audits.

Contact person Line manager: Hayes Francis – 083 327 3244 – Senior Manager

Nedcor: Position 2 Risk Manager: IT Change Management - April 2002 to December 2002

Duties

Creation of Risk Model for IT Change Management

Create policies and procedures for IT Change Management:

Due to impact as a result of changes implemented, position was created for the management of risk within the IT Change Management unit.

Responsible for the identification and management of High risk changes and ensure appropriate levels of risk during change periods.

Create a classification system for changes. Categories: Critical, High, Medium and Low changes

Reasons to end duties

Restructuring of function into current portfolio with additional responsibilities and the need to broaden my exposure, scope of control and work experience.

Contact person Line manager: Clive Blaiklock – Retired

Nedcor: Position 1 IT Audit – February 1998 to March 2002

General Controls Review of General Controls in the IT environment for Nedcor, Nedcor Investment Bank and Old Mutual Bank

Assist with Control Self Assessment process and workshops for IT

Implementation of Cobit Framework in Nedcor, Nedcor Investment Bank and Old Mutual Bank

Project Audits Project reviews against Funnel and Gates (SDLC) framework for Nedcor and Nedcor Investment Bank

Ensure adequate controls in systems during design and development phases

Monitor and verify implementation of solutions

Awards Bronze, Silver and Gold awards in 2001 for excellent delivery on project objectives

Bronze awards in 1999 and 2000 for excellent work delivery and acceptance of responsibility

Contact person Line manager: Jacques Lourens – Senior Manager, IT Audit, Nedcor Bank

Head: IT Audit: Deon Pienaar – Group Internal Audit, Nedcor Bank

Reasons to change job

The General Manager for IT Operations offered me the risk management position at IT Change Management. I accepted the position to further my career and broaden my scope.

ABSA IT Audit – July 1996 to February 1998

Project Audits Project reviews of Front-end solutions – client interface systems (Internet Banking, ATMs, Banking Platforms)

Ensure adequate controls in systems during design and development phases

Monitor and verify implementation of solutions

Implementation of Control Self Assessment

Reasons to change jobs

I was offered a similar position at Nedcor Bank. Nedbank was then regarded as one of the most IT innovative banking environments in SA.

Contact person Line manager: Karen – Retired.

Office of the Auditor-General

Manager: IT Audit – May 1995 – June 1996

Duties General Control Audits

Training of IT Audit Staff

Financial Audit of State Computer Operations (SITA)

Reasons to change job

Offered a better position at ABSA that would broaden experience and scope of work.

Contact person Line manager: Mr. Kallie Pienaar

Office of the Auditor-General

Financial Auditor – December 1984 – May 1995

Duties General Financial Audits at Department of Public Works and Department of Correctional Services

General Systems Audits at Department of Public Works and Department of Correctional Services

Reasons to change job

Offered a promotion as manager in the IT Audit department.

Contact person Line manager: Mr. Jaap Meyer
