Posted:1 hour ago
By:Hiring Kenya
Company Details
Industry:
Banking
Description:
I&M Bank is a wholly owned subsidiary of I&M Holdings Limited, a publicly quoted company at the Nairobi Securities Exchange (NSE). The bank possesses a rich heritage in banking. Started in 1974, it evolved from a community financial institution to a publicly listed major regional commercial bank offering a full range of corporate and retail banking services, 35 branches in Kenya and international operations in 3 other countries. I&M Bank is a dominant player in the Kenyan market that has been consistently growing, and is innovative in terms of the type and range of products and services it offers. CDC Group plc, a development finance institution wholly owned by the government of the United Kingdom owns approximately 10.68% of I&M Holdings, the holding company of I&M Bank Ltd. In addition, I&M Bank has a technical support agreement with International Finance Corporation for staff training, product development and risk management. I&M Bank also enjoys medium term foreign currency credit facilities from European Development Financial Institutions - Proparco, DEG and FMO. I&M Bankโs international correspondent banks include major multinational banks such as Bank One Ltd, Citibank NA, CommerzBank AG, Deutsche Bank AG, ICICI Limited Mumbai, Mashreq Bank PLC, Standard Bank of South Africa and Standard Chartered Bank NY. I&M Bankโs international network includes Bank One Limited (Mauritius), I&M Bank Tanzania Limited and I&M Bank Rwanda Specialties Banking Services, Commercial Banking, Asset Finance, Mobile Banking, Internet Banking, Investment Management Services, Diaspora Banking, Credit / Debit / Prepaid cards, Wealth Management
Job Description
Job Purpose:
- The role holder is responsible for providing independent assurance on the governance, risk management, and control (GRC) processes related to information technology, including general and application controls, data integrity, confidentiality, availability, and system security.
Key Responsibilities:
- Participate and contribute to assessment of risk for target audit areas within the IS space as guided by the Manager, IS Audit.
- Formulate engagement audit plans, prepare planning documents and ensure alignment of objectives, scope, methodology, and IT risk considerations in collaboration with the Manager, Information Systems Audit.
- Develop engagement audit tests.
- Execute audit procedures in alignment with IS audit objectives to ensure effectiveness and efficiency in assessing the design and operating effectiveness of controls.
- Document complete and accurate audit evidence and working papers to support audit conclusions and recommendations.
- Identify and document control weaknesses and associated risks for inclusion in audit reports, ensuring appropriate escalation to relevant stakeholders.
- Lead assigned IS audit engagements, ensuring timely execution of audit procedures, monitoring progress against the approved plan, and identifying opportunities to enhance processes and strengthen controls.
- Continuously evaluate audit objectives, test procedures, and risk coverage to ensure comprehensive coverage of the technology environment.
- Engage with audit clients to validate root causes and ensure proposed management actions are appropriate and actionable.
- Support special audits involving Information systems as assigned.
- Review the governance, risk management, and control environment across IT development projects, DevOps practices, and software engineering workflows, including SDLC processes, CI/CD pipelines, environment management, and agile delivery models.
Academic Qualifications:
- Bachelor’s in information systems / computer science / IT / Business-related field, or equivalent.
Professional Qualifications:
- Certified Information Systems Auditor (CISA) – required.
- One (1) of: CISM/ CRISC/ CGEIT /CIA /ISO/IEC 27001 Lead Auditor or Implementer/ CISSP/ CIAQA / CCNA/ CPA /CEH / CHFI (added advantage).
Membership Affiliations:
- Information Systems Audit and Control Association (ISACA).
Work Experience Required:
- Over five (5) years in a similar role in a similar-sized organization.
Competencies:
- Planning & Organizational skills.
- Advanced analytical skills and attention to detail.
- Strong oral and written communication skills.
- Effective interpersonal skills to manage stakeholders at all levels.
- High standards of ethics and integrity.
- Sound judgment for risk-based audit planning, scoping, and prioritization.
- Strong commercial awareness to align audit outcomes with business objectives.
- Banking Knowledge.
- Comprehensive risk knowledge across IT and operational domains.
- Experience in reviewing DevOps and IT engineering processes, including CI/CD pipelines and agile practices.
Salary: Discuss During Interview
Education: Diploma
Employment Type: Full Time
