Job Purpose:

• The role holder will provide independent assurance on Governance, risk management and control (GRC) processes and ensure subsidiary audit activities align with group audit framework by engaging through the planning phase and review and finalization of the audit reports before issuance, with focus on information technology audits undertaken by subsidiary audit teams. This includes execution of thematic/ integrated audits across the group.

Key Responsibilities:

• Support group audit strategy execution.
• Integrate technology audit frameworks, standards and best practices in the group internal audit framework.
• Monitor progress of IS related components/ audits and support country CAEs to deliver the audit plans (Banking and Non-banking).
• Undertake quality reviews of audit working papers and ensure consistency across the group in audit tests conducted and methodologies applied and conformance with approved internal audit framework.
• Undertake special audit assignments as and when requested by the Group Chief Audit Executive (GCAE).
• Undertake quality review of the draft/ final reports before issuance by the CAEs.
• Participate in debriefs with various audit stakeholders and execute any actions assigned from these to bridge the expectations gap
• Attend Group BARMC/ Country BAC Meetings/ Management meetings to present/ clarify any IS audit reports and queries.
• Undertake training to develop/ sharpen skills of the wider audit team members and bridge any performance.

Academic Qualifications:

• Bachelor’s degree in computer science/ information technology management/ accounting.

Professional Qualifications / Membership to professional bodies/ Publication:

Mandatory:

• Certified Information Systems Auditor (CISA).
• Certified Public Accountant/ ACCA.

Recommended:

• Certified Internal Auditor (CIA).
• Certified Internal Audit Quality Assessor (CIAQA).
• Certified Ethical Hacker (CEH).
• Certified Information System Security Professional (CISSP).

Work Experience Required:

• Over ten (10) years’ relevant experience with over five (5) years in a senior management role in a similar sized organization with regional presence, preferably the Banking industry.
• Demonstrable work experience in information systems auditing or a related information systems field.

Competencies:

Internal Auditing Competencies:

• Full knowledge of Global Internal Audit Standards and Topical requirements released by IIA and ISACA.
• Ethics and professionalism: Maintaining high standards of integrity and ethical resilience.
• Full awareness of IIA’s Quality Assurance and Improvement Program. 
• Audit methodologies with specific focus on Information Systems Audits.
• Professional Communications - Excellent verbal and written skills for reporting findings and communicating with stakeholders.
• Knowledge of Integrated and Coordinated Assurance.

Professional Competencies:

• Leadership - Planning & Organizational skills; Lead and guide a team to deliver results with efficiency and effectiveness.
• Change Management – Capacity to adapt to new technologies and challenges.
• Project Management – End to end project discipline; Time management: Ability to manage multiple deadlines and tasks effectively.
• Negotiation and Conflict Management: Ability to collaborate effectively with different teams and individuals.
• Data analysis and data mining: Proficiency in using data analytics and visualization tools to support outcomes and results/ conclusions.
• Analytical and critical thinking: Ability to think logically and solve problems/ recommend solutions. 

Governance and Risk Management Competencies:

• IT governance and frameworks: Familiarity with frameworks such as COBIT, ITIL. NIST and ISO/IEC 27001. Industry, Applicable Global and Local technology regulations.
• Strategy Strong commercial awareness and an ability to connect the ICT strategy to the overall strategy. 
• Fraud - Pay close attention to detail; Excellent judgment and analytical abilities; Probing skills and impeccable integrity.
• Organizational Resilience and sustainability.

Technical and domain knowledge:

• IT systems and infrastructure: Understanding of hardware, software, networks, databases, and various operating systems (Windows, Linux, UNIX).
• IT security and cybersecurity: Knowledge of security principles, practices, and leading practices.
• Risk and controls evaluation: Ability to assess the effectiveness of IT controls, risks, and security procedures.
• Emerging technologies: Awareness of current and emerging trends and associated risks.
•  
• Appreciation of Banking Operations (Automated and Manual).