Information Systems Auditor at GA Insurance

Job Summary:

• This position is responsible for providing independent assurance on GA Insurance Limited’s information systems, by ensuring that the risk management procedures, governance processes, and control mechanisms in place are adequate to safeguard the Information Systems of the Company at all times.

Duties and Responsibilities:

• Participate in the development, execution, and monitoring of the annual information systems internal audit plan.
• Perform assessments of all the business information systems to evaluate controls adequacy, effectiveness, and efficiency to support business processes.
• Evaluate the adequacy and effectiveness of controls for information systems and technology processes, including those related to data protection, change management, and cyber security.
• Conduct compliance assessments against information security standards, including ISO 27001, NIST Cybersecurity Framework, PCI DSS, and HIPAA guidelines, to ensure data security, regulatory compliance, risk mitigation, and operational efficiency.
• Communicate audit results and recommendations to key stakeholders including management and business process owners.
• Collaborate with the Technology Services and IT security teams to ensure that appropriate controls are in place for optimal operational functionality of Information Systems.
• Stay up to date on emerging technology and security vulnerabilities, and threats in the Information Systems landscape and provide relevant and timely advice to stakeholders where necessary.
• Review the IT governance documents, strategies, policies, contracts, and procedure documents.
• Provide advice in resolving information security incidents.
• Participate in ensuring quality in all work delivered including meeting the standards for working papers, and actively giving insights and supporting the implementation  of corrective actions based on recommendations to audit observations.
• Provide support in drafting suitable audit reports highlighting key control weaknesses as well as non-compliance with procedures, policies, and regulatory requirements.
• Participate in the preparation of the Board Audit Committee files.

Job Holder Specifications: Education/Qualifications:

• A Bachelor’s Degree in Accounting, Finance, Commerce, Economics, IT or a related field.
• Professional qualification in information systems audit such as Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), Certified Internal Auditor (CIA) is an added advantage.

Working Experience:

• At least 5 years working experience in a similar role.

Competencies;

Technical Competencies

• Knowledge of the Institute of Internal Auditors International Professional Practice Framework.
• Knowledge of current technological Developments and emerging trends.
• Proficient in Project Management methodologies and associated controls.
• Proficient in Report writing.
• Ability to observe and understand business processes.
• Proficiency in Governance, Risk Management, and Compliance (GRC) principles and their application in information systems governance and security.
• Knowledge and experience in the use of CAATs.
• Knowledge of information systems and related technology.
• Knowledge of risk management concepts and principles
• Proficiency in evaluating system backup procedures, disaster recovery capability, and maintenance procedures.
• Knowledge of software requirements for the auditing of computing systems and procedures.

Behavioral Competencies

• Strong analytical and organizational & problem-solving skills.
• Personal attributes: integrity, dependable, initiative-taking, results-oriented, creative, and strong interpersonal skills.
• Ability to operationalize strategy into action for the function.