Head Information Communication Technology (ICT) Audits at National Bank of Kenya

Reporting to: Director Internal Audit

Position scope: The role holder will have the responsibility of leading a professional team of auditors in carrying out independent and objective assurance and consultancy services through examining, assessing and verifying the adequacy, effectiveness and efficiency of the Bank’s ICT Internal control systems, procedures, risk management and governance processes.

He/ She will be required to recommend continuous improvements on ICT systems and enhance internal controls through scheduled and continuous audits.

The role holder will also be expected to perform Quality Assurance on ICT audit department in line with IIA guidelines and address noted improvement gaps.

Key responsibilities:

• Develop and Implement ICT audit strategy for the Audit Division, in consultation with the Director Internal Audit, including being proactive in researching and offering oversight in implementation of latest controls and mitigations in ICT environment, through close but independent collaboration with 1st and 2nd lines of defences.
• Developing and enforcing ICT Internal Audit methodology, standards and procedures to ensure effective assurance and functioning of ICT function.
• Understand current and emerging technology risks, advice management on related controls, provide assurance on the level of adherence to controls for existing and new technologies including cyber related risks.
• Provide leadership to all Audit Managers in the audit of ICT and all other related information Systems in line with approved audit methodology and audit objectives.
• Objectively review the systems established within the assigned areas to assess compliance with policies, procedures, laws and regulations and highlight significant improvement areas.
• Plan and perform technical information systems audits on mapped critical areas and processes and highlight improvement areas in detailed audit reports.
• Participate from an audit perspective in reviewing acquisition process of major new Information Systems assets by advising project teams on information systems control and security issues and ensure IT capabilities are at the acceptable standards.
• Proactively discuss audit observations and recommendations from audit projects with audit clients and prepare report summaries for reporting significant control issues to senior management and the Board Audit Committee.
• Track and follow up on relevant audit issues emanating from Internal Audit Reports and other independent external reviews to ensure their timely resolution and closure.
• Participate in the review of the Internal Audit Charter in line with the relevant standards and guidelines.
• Participate in the development and review of risk based annual ICT audit plans detailing the scope, nature and timing of audit activities.
• Assist in conducting ad-hoc technical ICT investigations and reviews as may be requested by senior management and/or the Board Audit Committee from time to time.
• Carry out internal assessment on Quality Assurance and Improvement Program to ensure continuous improvement of ICT audit processes as per Institute of Internal Auditors Guidelines.
• Supervise, coach, mentor and offer leadership to all Audit managers and in particular those handling ICT audits to maintain a high performance culture.
• Perform consulting activities as scheduled or as requested by senior management.
• Tracking latest IT security innovations, keep abreast of latest cyber security technologies and providing appropriate recommendations for the Bank.
• Prepare Board Audit Committee papers summarizing significant audit observations arising from ICT audits on quarterly basis.
• Champion and raise awareness to internal stakeholders on controls and checks to ensure assurance of IT Assets in the Bank.
• Ensure compliance with both internal and external regulatory requirements in the normal course of duty.
• Maintain confidentiality in line with the Bank’s Non-disclosure agreements and best practices as required.
• Ensure compliance with the relevant laws and regulations.
• To safeguard and promote the bank’s image with the general public within the scope of duty.
• Other duties as may be assigned by the Director, Internal Audit from time to time.

Skills & Experience

• Bachelor’s Degree in Computer Science, IT or Engineering in a recognised University.
• Professional qualification in IT Security; CISA/CISM
• CIA /CRISK Certifications will be an added advantage.
• Member of ISACA in good standing.
• Masters degree in ICT related fields is preferred.
• IIA/ICPAK membership preferred.
• Project Management Certification
• Ten (10) years’ experience in risk, governance and control work related environment; five(5) of which should be at a leadership level in external/internal audit managing ICT audits in a commercial bank or other large and established consultancies.
• Demonstrated hands on experience in an ICT controls environment.
• Leading teams; capable of empowering and leading an Internal Audit team to meet Bank and Internal Audit Assurance goals.
• Leading Change; proven change management capability to drive the Internal Audit Assurance strategy.
• Innovation; able to keep up with trends of meeting the demands of internal and external customers and controls thereof.
• Collaboration; forms business partnerships that help drive the Bank’s IT Assurance agenda.
• Multi-tasking able to manage several concurrent audit assignments and prioritise demands.
• Flexibility and adaptability; ability to keep pace with latest technology and trends in addition to new security requirements.
• Excellent communication skills; articulate in communicating to both internal and external stakeholders at all levels.
• Capable of managing numerous information sources and providing data analysis reports to senior management and stakeholders at all levels.
• Practical computer literacy in all critical domains.
• Practical hands on experience in ICT Auditing
• Well conversant with Kenyan Banking Act, CBK Prudential Guidelines, International Accounting and Auditing Standards, Information Systems and Security standards.