The overall responsibility of the job holder will be to plan and carry out audit assignments aimed at providing assurance of information and cyber security to senior management and the Board Audit Committee. He/She will be required to ascertain the extent of compliance with documented policies, procedures and regulations and provide assurance to Management that IS processes are functioning effectively as required. He/She will be required to facilitate good practice in giving assurance on risk management, controls and governance standards.
Plan and complete audit assignments involving Information and security assurance in consultation with Head ICT Audits according to approved audit plan within the defined timelines.
Participate and contribute in the risk assessment process for ICT Assurance in the Bank and document the results.
Participate in the development of risk based audit plans detailing the scope, nature and timing of audit activities.
Review the systems established to assess compliance with policies, plans, procedures, laws, and regulations which could have a significant impact on security and report on the assurance and compliance levels.
Monitor and evaluate effectiveness of the ICT risk management system in place and assist as a liaison person in conducting investigations when called upon.
Develop in consultation with Head of ICT Audits appropriate audit tests and programs aimed at efficiently and effectively checking ICT Assurance levels.
Stakeholder engagement; agree on issues picked up during audit activity and submit a draft report on audit findings, highlighting levels of compliance with key controls, procedures, management policies and regulatory requirements, among others.
Ensure clarity in documentation of issues raised, their impact on business and quality management actions to mitigate the risks.
Continuously monitor assurance on ICT security and cyber compliance through stakeholder engagement, monitoring of trends and developments and report on the results at agreed intervals or on ad hoc basis as may be required.
Follow up on audit issue action plans as per stakeholder engagement agreements and track them to completion within agreed timelines.
Follow up recommendations and issue action plans logged from previous audits to ensure their timely closure.
Continuous review of ICT Assurance audit plan and provide technical expertise to business on controls of existing and incoming ICT Infrastructure and systems, including major projects while maintaining professional independence.
Support other audit staff by sharing expertise with members supporting ICT assurance.
Maintain pro-active approach to risk assessment through market intelligence, continuous engagements with stakeholders to understand business dynamics and through data analytics.
Escalate in a timely manner delays in execution of audit work to Management.
Perform other related duties that may be assigned from time to time by Management.
Execution of audit assignments within allocated timelines.
Timely submission of draft report summaries.
Quality of recommendations and closure rate of audit actions and issues.
Satisfactory results of periodic client surveys and external peer reviews.
Completion of annual audit plan.
Achievement of agreed performance targets.
Annual risk assessment report on assigned areas.
A Bachelor’s Degree in Computer Science, IT or Engineering from an accredited University.
CISA professional certification.
ACCA/CPA or related accounting professional certification is preferred.
Membership of IIA/ISACA in good standing is preferred.
CISM – an added advantage.
Five (5) years’ experience in an internal audit – ICT related environment in the financial sector or audit firms with at least two years in information/cyber security field.
Understanding of information and cyber security risk management, processes and associated control requirements.
Innovation; able to keep up with trends of meeting the demands of internal and external customers and controls thereof.
Collaboration; forms business partnerships that help drive the Bank’s assurance agenda.
Multi-tasking; able to manage several concurrent audit assignments and prioritise demands.
Flexibility and adaptability; ability to keep pace with latest trends in addition to new audit requirements.
Excellent communication skills; strong and confident, articulate in communicating to both internal and external stakeholders.
Analytical; capable of managing numerous information sources and providing data analysis reports to senior management.
Professional Independence; exercise objectivity, competence, discretion and courage to raise and escalate matters where applicable.
High level computer literacy.
Proficiency in Accounting and auditing practice.
Conversant with The Banking Act, Prudential Guidelines, International Accounting and Auditing Standards among other relevant regulatory requirements.