Audit Manager, ICT Services Operations at National Bank of Kenya

Job Ref No. HR/030/2020

Division: Internal Audit

Reporting to:  Head ICT Audits

Position scope: The role holder will be expected to provide objective and independent assurance to senior management and the Board Audit Committee that the information systems in place and new related projects and controls are appropriate, well developed, reliable and secure.

He/She will have the responsibility of evaluating the adequacy of processing controls as they relate to each audit, and the effectiveness of general computer controls in the ICT environment.

In addition, He/ She will be supporting the Director of Internal Audit and Senior Management through Head of ICT audits in examining, evaluating, and verifying operating systems, procedures, internal controls, and recorded data for the information technology departments of the Bank.

Key responsibilities:

• Provide expertise in the audit of ICT services operations across the Bank in line with approved internal audit methodology, processes, procedures and timelines.
• Participate in the development of risk based IS annual audit plans detailing the scope, nature and timing of audit activities.
• Plan and perform technical information systems audits on all mapped critical areas and processes and highlight improvement points. Critical areas to be continuously mapped and reviewed include among others;

1. IT governance,
2. IT systems and banking applications,
3. Network and communication infrastructure,
4. IT general controls,
5. Operating systems and databases,
6. Business Continuity and disaster recovery,
7. Major systems acquisition and implementation projects,
8. Data Centre operations among others

• Participate from an audit perspective in reviewing acquisition of new major IS assets by advising project teams on information systems control and security issues and ensure all set criteria are met.
• Interface and perform necessary special integrated audit projects with the Business/Branch Networks and Central/Shared functions.
• Stakeholder management and offer expertise on quality recommendations for ICT service and operational controls.
• Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
• Discuss audit findings and recommendations with audit clients and prepare management and board papers for reporting significant control issues to the senior management and the Board Audit Committee.
• Coach, mentor and offer expertise to other staff within the division, including offering support on IS related areas.
• Track and follow up on relevant IT audit issues emanating from Internal Audit Reports, and other external independent reviews to ensure timely closure.
• Support in raising awareness to staff on ICT service and operational controls.
• Assist in conducting ad-hoc investigations and reviews, as a liaison subject matter expert, as may be requested by senior management and/or the Board Audit Committee.
• Other duties may be assigned by the Internal Audit Management from time to time.
• Execution of audit assignments within allocated timelines.
• Quality of audit recommendations and closure rate.
• Satisfactory results of periodic client surveys and external peer reviews.
• Timely submission of audit report summaries.
• Effective Completion of IS annual audit plan.
• Annual risk assessment report on assigned areas.

Skills & Experience:

• A Bachelor’s Degree in Computer Science, IT or Engineering from a recognised University.
• CISA professional certification.
• ACCA/CPA / related professional certification are preferred.
• Membership of IIA/ISACA in good standing is preferred.
• CISM – an added advantage.
• Five (5) years’ experience in an internal audit/ ICT related environment in the financial sector or audit firms with practical and hands on experience.
• Understanding of ICT risk management, processes and associated control requirements.
• Innovation; able to keep up with trends of meeting the demands of internal and external customers and controls thereof.
• Collaboration; forms business partnerships that help drive the Bank’s Assurance agenda.
• Multi-tasking; able to manage several concurrent audit assignments and prioritise demands.
• Flexibility and adaptability; ability to keep pace with latest trends in addition to new audit requirements.
• Excellent communication skills; strong and confident, articulate in communicating to both internal and external stakeholders.
• Analytical; capable of managing numerous information sources and providing data analysis reports to senior management.
• Professional Independence; exercise objectivity, competence, discretion and courage to raise and escalate matters where applicable.
• Proactive and Agile