Information Systems Auditor at Nairobi Securities Exchange

Overall Purpose

Reporting to the Chief Internal Auditor, the Information Systems Auditor will give objective and independent assurance to management that the Information systems in place are appropriate, well utilized, reliable and secure while giving commensurate recommendations on areas of improvement and optimization of Information Technology.

Key Duties and Responsibilities

• Assist the Chief Internal Auditor in coming up with annual information systems audit plan;
• Perform information systems audits in line with internal audit methodology, processes, procedures and timeframes;
• Conduct quality assurance on systems at development and or off-shelve purchases;
• Conduct investigation as assigned by Chief Internal Auditor from time to time;
• Assist the Internal Audit Manager in conducting operations audits from time to time;
• Be involved in development of ICT business continuity programme;
• Review all NSE IT policies and ensure they are aligned to best frameworks such as NIST and Cobit frameworks and other applicable regulations governing IT;
• Document audit work in the system (teammate) in line with IPPF;
• Test adequacy and effectiveness of systems control measures within the Exchange on a regular basis and recommend corrective measures to be undertaken in areas of weaknesses identified;
• Make follow up on the systems audit recommendations to ensure that they are implemented;
• Develop and maintain the skills, knowledge and expertise to make valuable contribution to the Internal Audit team and be part of the automated audit systems processes;
• Develop and maintain relationships with key stakeholders to ensure that the most important audit risks are being mitigated and that expectations are being met or exceeded;
• Assist the Chief Internal Auditor in developing the department’s budget and monitoring expenses against the budget to ensure that funds are optimally utilised; and
• Generate quality information audit reports giving recommendations on how to mitigate the risks

Minimum Qualifications

• Bachelor’s degree in Computer science or Information Technology coupled with a professional certification in IT Audit, Risk and Security e.g. CISA, CISM, CISSP, CRISC,CEH;
• 2-3 years relevant professional experience in IT department handling information security role or Systems audit role gained from an organization with strong internal control framework, preferably financial institutions or Audit firm;
• Knowledge of risk assessment, methodologies and technical applications in IT Audits;
• Robust analytical, organizational and interpersonal skills;
• Knowledge in audit tools & techniques applicable in information system audits including process mapping, control identification & analysis and design of audit tests;
• High attention to detail, accuracy and risk awareness; and
• Dynamic self-starter with the ability to work independently as well as be a solid team playe