Information Systems & Technology (ICT) Auditor at Kenya Teachers Sacco Association (KETSA)

Job Purpose:

• The Information Systems & Technology (ICT) Auditor is responsible for execution of internal audits covering all aspects of business processes, assessing risks on information systems, business operations and evaluating internal controls to provide an independent appraisal of internal control environment across the Sacco.

The Role

The successful jobholder will be required to:

• Conduct special audits as required, leveraging on Computer-Assisted Audit Tools (CAATs) such as, Python, ACL, and SQL Developer to efficiently extract, transform and analyse large volumes of data
• Design, implement and maintain data analytics models and scripts to support continuous auditing and monitoring activities.
• Collaborate closely with audit teams to understand specific audit requirements and translate them into effective data analytics and automation solutions
• Conduct comprehensive penetration tests on the core banking system, mobile banking, and other operational applications, networks, and ICT systems to evaluate the effectiveness of the implemented cybersecurity framework.
• Evaluate compliance with IT security policies, standards, and regulatory requirements across business units and ICT infrastructure.
• Stay up to date with emerging cyber threats, vulnerabilities, and regulatory developments in the cybersecurity landscape.
• Perform independent threat and vulnerability assessment tests and report on cyber risks and controls of the ICT systems within the SACCO and other related third-party connections.
• Test the adequacy and effectiveness of control measures on information systems, operational processes, credit, department operations and recommend corrective measures to be undertaken in areas of weakness.
• Utilize extensive understanding of business activities to recommend scope and objectives of assigned audits, execute audit procedures, perform detailed analyses, reach sound conclusions and document results for assigned audit activities.
• Ensure that all instances of significant risk or lack of control are properly identified, all findings are factually based & reported, with pragmatic & balanced recommendations & reports delivered in a timely manner.
• Actively participate in discussing audit findings and recommendations with line managers of the areas under review.
• Facilitate the communication of audit results and special projects via written reports and oral presentations to management.
• Assist in the annual risk assessment process and generation of annual audit plan.
• Assist in training/mentoring staff and develop and maintain the skills, knowledge and expertise to make valuable contribution to the internal audit team.

Skills, Competencies and Experience

The successful candidate will be required to have the following skills and competencies:

• Bachelor’s degree in information systems or computer science from a recognized university.
• Professional certification in IT Audit, Risk and Security e.g. CISM, CISSP, CISA, CRISC CISA & CPA as mandatory requirements
• Excellent understanding of auditing concepts and practices with a minimum of 3 years’ experience in IT and operation audit.
• Skilled in project management and maintaining composure under pressure while meeting multiple deadlines.
• Demonstrable knowledge in risk assessment and control concepts.
• Skilled in negotiation and conflict management to resolve problems that may arise during an audit.
• Excellent oral and written skills; a strong verbal communicator, analytical writer
• and able to clearly and concisely convey personal observations of processes, risks and controls.
• Excellent analytical ability both qualitative and quantitative to draw sound conclusions coupled with demonstrated knowledge and proper application of sampling techniques.
• Should have Certified ethical hacker certificate (CEHC)
• Excellent attention to details and organizational skills.
• KCSE Mean Grade: C+ and above
• Age: Above 30 years