Information Systems Auditor at NCBA Group

Job Purpose Statement

The purpose of this role is to provide assurance on the Group’s information systems with respect to information technology security, functions/ processes and the technology applications that support business functions and ensure appropriate security controls are in place to protect the Group’s assets from ICT related risks.  

To role holder will conduct independent reviews on compliance with the Group’s ICT and Information Security policies and procedures, assess adequacy of internal control systems, regulatory requirements observed and highlight exceptions or violations. 

Key Accountabilities (Duties and Responsibilities)

Audit Planning 10% 

• Assist in the formulation and implementation of the Information and Communication Technology audit strategy, as well as to evaluate the standards of risk management, accuracy of the records, procedures and control activities throughout the banks ICT structures  
• Assess and advice on risk management, internal control systems and including review of the suitability and reliability of management information systems.  

Audit Management & Execution 60% 

• Develop audit tests of assigned assurance and advisory services based on the annual risk based internal audit plan focusing on the key critical risk areas 
• Execute IS audits and participate in audits of the bank’s subsidiaries, departments, branches and processes as per the audit plans and in accordance with policies, procedures and best practice 
• Design and execute audit programs or work programs for assigned assurance and advisory services by interview, observation, review processes, data analysis review and testing of the control area 
• Develop and issue concise draft reports that present findings, recommendations and management response 
• Prepare summary of audit results and draft audit reports summarizing the audit findings and recommendations, and work with IT management and IT risk in developing action plans. 
• Follow-up on audit recommendations and actions taken ensuring that they are addressed and appropriate management 

Internal business processes 10% 

• Review procedures and records to ensure they are in line with the Bank’s ICT strategy and objectives.  Appraise policies and plans of activities for all departmental systems in use to ensure these are complementing the ICT strategy. 
• Liaise with external auditors and other regulatory monitoring agencies and implement recommendations to Information systems controls and security so as to promote growth and ensure compliance with the regulatory framework. 
• Provide consultancy services to project teams on IT risk, system controls and best practices.  
• Participate in the bank’s Information Risk forums and provide insights on emerging risk.  

Customer 10% 

• Create a cordial and professional working environment for all staff to enhance individual performance and productivity. 
• Develop with the assistance of the Head of Audit the annual IS audit team performance objectives, standards and targets 
• Identify development and training needs and develop plans to satisfy areas identified 

Learning and growth 10% 

• Continuously improve knowledge and learning to ensure conversant with current standards and practices within the profession. 
• Enhance practice and display of professionalism in conduct of work and day to day activities. 
• Adherence to professional standards and code of ethics at all times. 
• Enhance knowledge skills and other competences through continuing personal development. 

Job Specifications

Academic: 

A University graduate, preferably in Information Systems Management (Computer Science), Business Administration or related fields 

Professional: 

• Qualified Certified Information Systems Auditor with relevant experience in information security knowledge areas, such as Information Systems Audit, Information Security Management and Ethical Hacking. 
• CIA, CISM, and CISP an added advantage 
• Qualifications in data analysis and CAATs would be an added advantage 

Desired work experience:  

• At least 4 years of information system audit experience, preferably in the financial services industry.