Job Description
JOB PURPOSE
The job holder will provide independent assurance on the Bank’s information systems, specifically on integrity, confidentiality and availability of the information systems as well as providing assurance on information systems governance, risk management and controls in place.
Key responsibilities and accountabilities
• Provide assurance on IT risk management framework, particularly on applications and infrastructure security.
• Develop and maintain the IT Risk Assessment framework.
• Prepare detailed Information System Audit Plans and programs.
• Conduct periodic IT audits and reviews of systems, applications, IT processes and digital channels.
• Perform pre- and post-implementation reviews of new system implementations or enhancements.
• Perform IT security audits (e.g., network, applications, and data centre), including evaluating whether security vulnerabilities are properly identified and mitigated. Coordinate the scope and performance of these reviews with business units and external security experts.
• Evaluate and test IT general controls and provide value-based feedback.
• Schedule and perform reviews of IT management policies and procedures such as change management, business continuity planning/disaster recovery and information security to ensure that controls surrounding these processes are adequate.
• Develop, build and implement tools to analyse data to improve audit efficiency and effectiveness, including for risk assessments.
• Prepare and document all audit assignments on working papers.
• Prepare audit reports with value-adding recommendations for presentation to Management and Board Audit Committee.
• Perform other duties as assigned.
Skills Requirements:
• Outstanding interpersonal and communications skills; ability to communicate effectively with technical and non-technical audiences.
• Comprehensive understanding of the internal control environment within the IT function, and an understanding of database management, software development and networks.
• Understanding of information security standards, best practices for securing computer systems, and applicable laws and regulations.
• Strong industry/market awareness.
Minimum Qualifications and Experience
• Bachelor’s Degree in Computer Science, Management Information Systems, or any other related field.
• Minimum 3 years’ experience in a similar role, preferably in a financial institution.
• CISA certification is a must.
• Other information systems certification is an added advantage (e.g., CISM, Certified Ethical Hacker, Certified Data Privacy Solutions Engineer).
• Member of ISACA.