Job Summary
Responsible for Achievement of sound control systems to safeguard the Information systems of the company.
Job Responsibilities
Perform assessments of all new and existing systems (including peripheral/interfaced applications)
Preparing audits reports which clearly communicates audit findings and recommendations
Reviewing new applications systems developmentacquisitions or major changes to existing systems i.e. analysis, design and implementation of identified inherent risks
Reviewing data and network security e.g. access controls, systems back-ups, segregation of duties, etc
Reviewing documentation/procedures such as Service level agreements, IT contracts, DRPBCP programs, ICT policy
Reviewing software and hardware support and maintenance
Reviewing other functions as directed. This includes non-IT issues.
Participating in Audit assignments outside Kenya, which will include IT, plus tasks, assigned in other areas.
Representing Internal Audit in Website, BCP, and DRP activities.
Assisting the IA department with any IT assistance as required.
Provide advice in resolving information security incidents.
Quality assurance to ensure that all work delivered, including working papers both meet the standards required as well as support the audit findings, recommendations and conclusions
Participate in the development of the annual Internal Audit Plan.
Ensure follow up and disposal of agreed audit recommendations logged from previous audits.
Participate in the BAC file preparation.
Maintaining effective relationships with business management.
Qualifications
Upper second degree in a Technical or Business field from a recognized University;
Professional Qualifications on Certified Information Systems Auditor (CISA) or
Certified Information Security Manager (CISM) or CISSP (Certified Information Systems Security Professional);
2 – 3 years external audit work experience specializing in Information Systems audit from a reputable audit firm or extensive experience in Information Systems audit within an internal audit function;
Detailed understanding of the Insurance Industry will be an advantage;
Good understanding of the concept of risk and risk assessment;
Knowledge and experience in the use of CAAT’s is a must;
Detailed knowledge of information systems governance and security principles & practices;
Competencies – Level
Results driven
Customer service
Creativity/Innovation
Flexibility
Accountability
Technical credibility
Continuous improvement
Teamwork
Communication
