INFORMATIONS SYSTEMS AUDITOR at Commercial Bank of Africa Ltd (CBA)

JOB PURPOSE STATEMENT

The purpose of this role is to conduct internal audits on CBA Group’s information systems related to information technology security, functions/ processes and the technology
applications that support business functions. The internal audit activities involve analyzing risks and controls, recommending process and control improvements, and providing reports summarizing audit activity to relevant stakeholders to ensure appropriate security controls are in place to protect the Group’s assets from ICT related risks. The review should also cover compliance with the Group’s ICT and Information Security policies with laws, regulatory guidelines and applicable standards. The Information Systems Auditor must effectively interface with all levels of management, as well as participate in Group Audit initiatives and activities.

KEY RESPONSIBILITIES

• Manage information systems audit engagements including planning, development of audit testing and evaluation programs, execution, quality assurance, and reporting of
  audit results under the direction of the Audit Manager – Operational Risk. (35%)
• Conduct continuous risk assessment of the information technology environment including general system controls, infrastructure controls, and application controls to ensure consistency in achieving compliance requirements (regulatory, standards and internal policies). (25%)
• Support the financial and operational auditors in identifying high level information system risks, as well as designing and building automation tools for use by the audit department. (20%)
• Contribute ideas that strengthen internal audit practices and other risk/control efforts. (10%)
• Participate in projects related to the implementation of new technologies and business applications by offering risk and control consulting and advice to Group Management.
  (10%)

COMPETENCE REQUIREMENTS

• Technical skills to effectively perform IS audit activities/tasks in a manner that consistently achieves established quality standards or benchmarks.
• A firm understanding of internal auditing standards (as issued by the IIA, ISACA) in respect of audit, internal control, risk and governance principles.
• Able to integrate understanding of industry trends and vulnerabilities to identify future possibilities, opportunities and risks.
• Knowledge and application of modern IS security management practices in financial services industry to proactively review and recommend security quality improvements inline with technological and product changes.
• Ability to understand and document workflows and business processes.
• Knowledge and effective application of all relevant banking policies, processes, procedures and guidelines to consistently achieve required compliance standards or
  benchmarks.
• Performance management to optimize personal productivity.
• Organized; able to work both independently or in a team setting.
• Ability to identify solutions that effectively address business and control needs.
• Interpersonal skills to effectively communicate audit results to functional heads and other stakeholders.
• Knowledge and effective application of all relevant banking policies, processes, procedures and guidelines to consistently achieve required compliance standards or
  benchmarks.
• Self-empowerment to enable development of open communication, teamwork and trust that are needed to support true performance.

QUALIFICATIONS AND EXPERIENCE REQUIREMENTS

• Bachelor’s degree preferably in Information Systems Management (Computer Science), Business Administration or related fields.
• Be a qualified Certified Information Systems Auditor. Relevant certifications in information security knowledge areas, such as Information Systems Audit, Information Security
• Management and Ethical Hacking. Certified Internal Auditor designation is a plus.
• 5 years of information system audit experience – conducting information systems audits in a financial institution would be highly desirable.
• Experience of working in the IT function within a banking environment will be an advantage.