Audit, Risk & Compliance Manager at Mumias Sugar

Reporting functionally to the Audit Committee of the Board and administratively to the Chief Executive Officer, S/He will be responsible for generating the Company’s overall internal control and risk management of its operations and to independently perform risk based audits in line with the agreed audit plan to identify and assess the effectiveness of controls accuracy of financial records, systems and efficiency of operation risk management and compliance with Government regulations

Responsibilities

• Planning of financial, regulatory, compliance and/or operational audits for MSC;
• Coordinate work with Legal, Security Services, SHE, Quality Assurance and other control-related activities/functions;
• Conduct risk assessments and identify controls in place to mitigate identified risks.
• Perform audit procedures to verify that controls are operating through adequate testing and interviewing techniques.
• Analyze and conclude on effectiveness and efficiency of the control environment.
• Identify control gaps and opportunities for improvement.
• Document the results of audit work in accordance with company policies and other relevant international standards
• Prepare timely audit reports for executive management, the Board Audit Committee and the entire Board of Directors.
• Assess, evaluate and promote compliance to internal MSC policies.
• Contribute, as appropriate, in the year-end financial audit with the external auditor.
• Provide advice on internal control and participate in enhancing internal audit standards and practices within MSC
• Provide feedback on performance of Internal Auditors, on audit assignments, as applicable.
• Carry out periodic risk assessment on information systems, identify information security risks and exposures, and develop risk assessment strategies in order to determine information systems security needs
• Develop, revise, manage and enforce the necessary information systems (IS) security policies, standards and controls and regulatory controls across multiple platforms; evaluate roles and access levels, carry out Information
• Security Incident management.
• Deliver computer forensic services as required and carry out periodic vulnerability and penetration tests in order to conform to audit standards and requirements.
• Carry out periodic business impact assessments; manage Business Continuity Planning, implementation and review and co-ordinate ICT disaster recovery planning and testing activities
• Develop and carry out Information Systems user privacy and security training and awareness programs in order to increase and enhance user information security literacy levels

Qualifications

• Bachelor’s Degree in Business Management, Bachelor of Commerce – Finance Option
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Security Manager (CISM) is desirable and a definite advantage
• A Master’s Degree in Business Management and or a related field • Certified Information Systems Auditor is an added advantage
• At least ten (10) years’ experience, five (5) years spent at senior management level in significant organization.
• Understanding of the workings of Capital Markets Authority and Nairobi Securities Exchange is an added advantage