Principal Systems Auditor – Financial Systems and Information Security

Description
We are pleased to announce the subject career opportunity within the CEO’s Office under Internal Audit. In keeping with our current business needs, we are looking for a person who meets the criteria indicated below.
Detailed Role Description
Reporting to the Senior Manager – Networks and M-PESA Audits, the position holder will be responsible for leading, planning, performing and documenting Cyber/IT Security reviews and advisory assignments as well as audits of Financial Services Systems in accordance with the internal audit plan. These audits shall include but not be limited to Vulnerability Assessments, Penetration Testing, audits of Mobile Money systems and Pre/Post-Implementation reviews.
 
The position holder will also be responsible for supporting strategic business initiatives by advocating and enhancing the risk and control environment, and when appropriate, engaging, managing and reviewing the work of external consultants/advisors.
Job Responsibilities

Participation in the overall development and delivery of the audit plan
Review of the mobile money systems from a technical standpoint to provide assurance that controls are adequate to mitigate and/or manage the technology risk to acceptable levels
Review of security controls around key network elements (BSS, MSC, HLR/AUC, IN, NGN, GGSN/SGSN)
Prepare deliverables/reports for senior management that include thematic issues, trends and other micro/macro level risks identified through the execution of IT audits within the Financial Services space
Serve as an on-going subject matter expert in the area of information security controls and technologies
Present, discuss and follow-up on audit recommendations with management
Delivery of continuous information security assessments and penetration testing.
Articulation of security risk exposure to various stakeholders.
Review security control frameworks/guidelines to ensure consistent application of security controls
Review procedures for investigation and closure of technology security incidents in line with industry best practices
Keep abreast of the latest technology security trends and provide input to mitigate emerging threats

Qualifications

Degree in Computer Science, IT, Business Information Systems (or related technical / business field) from a recognized university.
5-7 years working experience in information systems and cyber security assurance
Demonstrated deep interest in IT Security and broad IT expertise coupled with a good understanding of financial services and the laws and regulations that impact them
Strong working knowledge of penetration testing tools and methodologies including but not limited to Application Security, Database Security, Web services security, Network Security, Mobile Security and VAS systems security
Knowledge of common IT and networking technologies (operating systems, relational databases, network/mobile technologies) including Oracle or MS SQL databases, Unix / Linux / Windows etc.
Detailed understanding of frameworks, principles, practices, and techniques related to IT Security
Holder of Certified Information Systems Auditor (CISA) or equivalent
Security qualification (CISSP or CISM or other information security certification)
Experience in use of CAATs a must
Strong relationship, communication and stakeholder management skills
Ability to evaluate risks, articulate issues, develop consensus, raise awareness and recommend practical solutions
Strong Written and Verbal language skills
Ability to initiate and build effective stakeholder relationships
The ability to work under pressure and be resilient and tenacious to get results

Note to Applicants
As part of our recruitment process we will request the below documentation which will be required as soft copies at a later stage of the process.

An updated CV with a confirmation of three referees: 2 must be professional and must have supervised you at some point; the other referee can be a colleague in the same professional field. If the referees are within the same organization that you are working with, you will need to confirm to us that it’s okay to contact them in writing (via email). This also includes all references within the Human Resources department.
Scanned copy of certificate of good conduct from the CID (Less than 1 year old) – Applicable to Kenyans Only
Scanned copy of certificate from Credit Reference Bureau (CRB) – Applicable to Kenyans Only
Scanned copy of University Certificate or letter from the University requesting for internship
Scanned copy of your National ID / Passport (legal form of identification)