Reporting to the Head of Internal Audit, the incumbent will be required to assess IT security risk and continuously analyze the effectiveness of IT control activities, and report on them with actionable recommendations.
S/he will assist in internal audit assignments as assigned. The position requires the incumbent to maintain an up-to-date understanding of IT industry best practices.
Main Duties:
Assesses threats and vulnerabilities regarding information assets and recommends the appropriate security controls and measures
Analyses the effectiveness of IT control activities, validates baseline security configurations for operating systems, applications, networking and telecommunications equipment and reports on them with actionable recommendations.
Monitors the banks compliance with IT security policies, standards, guidelines and procedures
Participates in security investigations and compliance reviews as requested by Head of Internal Audit or the Chief Executive.
Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented
Serves in an advisory role in application development projects to assess security requirements and ensure controls are implemented as planned and that IT security issues are addressed throughout the project life cycle.
Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
Specifically carry out quarterly reviews of high risk systems namely Clearing, Swift, Reuters, Agency banking, ATMs, Mobile banking, internet banking and T24 in a rolling plan.
Maintain a list of all outstanding Internal Audit Issues and making a follow-up for their closure.
Presenting audit findings in form of draft audit reports for review and discussion of the findings with the Head of Internal Audit or the team leader appointed for that assignment.
Carry out any other duties as assigned by the Head of Internal Audit.
Minimum qualification and experience required:
An undergraduate in degree in Computer Science
Certified Information Systems Auditor (CISA) qualification
Computer literate with good working knowledge of MS Windows Office Suite. Proficiency in Audit Command language (ACL) and Team Mate will be an added advantage.
At least Four years’ experience in IT environment in a bank or IT firm.
Hands on experience in T24, mobile banking, Internet Banking and other alternate delivery channels in the banking environment.
Ability to analyze IT applications and systems and evaluate IT operations for economy, efficiency and meeting objectives of protecting the integrity, confidentiality and availability of data.
Good understanding of banking operations
Report writing skills