Key Responsibilities

Strategic Management - 25%

Lead implementation of the IT Audit Strategy in compliance with IT audit standards.

Prepare and execute a risk-based IT Audit plan in line with the IT Audit Strategy.

Carry out value for money reviews by evaluating the business case for the proposed investments in information systems to determine whether it meets business objectives.

Internal Audit and Continuous Improvement - 15%

Determine and highlight the key IT audit findings for reporting to relevant stakeholders.

Facilitate the identification of current or emerging IT process weaknesses and advise on remedial actions.

Operations and Sustainability - 30%

Review of the IT strategy and its alignment to the business strategy.

Review of the IT Security policies, standards and controls for completeness and alignment to generally accepted practices e.g. ISO 27001;

Evaluate the risk management practices to determine whether the bank's IT related risks are adequately managed.

Follow up on all IT audit recommendations to ensure the timely implementation of controls.

Systems and Policy Development - 20%

Review and make a judgement on the system controls including those relating to achieving value for money and the prevention and detection of fraud.

Provide advice on proposed IT developments such as major new systems and proposed IT related initiatives to help ensure risks are properly identified and evaluated and appropriate controls are built in.

Leadership - 10%

Provide leadership to the department staff, supervise and manage their performance and development in line with the various financial services objectives.

Key Relationships

Direct Reports to this Position

Assistant Manager - 2

Customers of this Position

Chief Operations Officer

Director Internal Audit

Director IT and entire IT & IT Security Teams

Head of IT Audit (Group)

Knowledge, Skills and Experience required for this Role

Job Knowledge

In-depth understanding of bank operating environment with experience in review of major banks IT operating systems.

Knowledge and experience in the use of Computer Aided Auditing Tools and Techniques (CAATTs) e.g. ACL.

Detailed knowledge of information systems governance and security principles & practices e.g. IS027001, COBIT and ITIL frameworks. 

Detailed knowledge of ISACA's information system auditing standards and principles.

Knowledge of audit planning and audit project management techniques, including follow-up.

Detailed knowledge of risk assessment concepts, tools and techniques in an audit context.

Detailed knowledge of control objectives and controls related to information systems.

Knowledge of database administration practices and operating system technologies

Job Experience

At least 10 years working experience in auditing of information systems or managing IT projects.

Education:

Bachelors' degree (2nd Upper and above) in Computer Science, Information Systems Management, Business Administration or related fields). Master's degree is an added advantage.

Qualifications in Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Controls (CRISC) and CISSP (Certified Information Systems Security Professional);

Must be a member of ISACA

Other qualifications such as CIA, CPA (K), ACCA, six sigma or ACIB would be an added advantage.

ICT certifications (CCNA, MCSE, ITIL, PRINCE2) an added advantage.

Competencies required for this Role

Applying Expertise and Technology

Analytical skills

Presenting and Communicating

Delivering Results and Meeting Customer Expectations

Adapting and responding to change

Entrepreneurial and Commercial Thinking