IT Internal Auditor – P2 at Common Market for Eastern and Southern Africa (COMESA)

Job Purposes

• To support the Chief Risk Management and Internal Auditor in the provision of independent and objective assurance services on effectiveness of the organization's IT controls, security information system, and risk management structures in operations, systems, policies, strategies, and practices for the achievement of the organizational objectives.
• To prepare audit reports on the soundness, adequacy, and application of IT controls as well as the suitability and reliability of information system records and data developed within the organization.

Main Duties and Accountabilities

• Under the direct supervision of the Chief Internal Auditor, the job holder shall, inter alia, be responsible for the following functions:
• Identifies the organization’s IT audit universe and assists in devising strategies for identification of auditable subjects on an annual basis. The results of these audits inform key IT organizational risks, weak internal controls and governance practices that require to be addressed by Management for achievement of Unit and Divisional objectives;
• Undertakes detailed risk assessment to inform risk-based audit programs for audit testing in order to identify key risks as well as well weak internal controls and governance practices during the audit;
• Undertakes risk-based IT audits on IT Security, IT Governance, IT  general and application controls based on the IT risk assessment;
• Conducts investigation of suspected frauds through IT fraud risk assessment and audit planning;
• Provides input in the review of IT policies and procedures to enhance control designs of IT systems;
• Undertakes research on emerging technologies and assist in the development of IT audit strategies to manage risks that might be associated with application of new technologies;
• Provides consultancy services to Management upon request during the development of new Information systems in order to manage emerging and likely organizational risks for enhancement of good corporate governance
• Perform any other duties that may be assigned by the supervisor from time to time.

Minimum Academic Qualifications:

• Minimum of Bachelor's degree in Computer Science, Management Information System or related area.
• Professional Certifications/qualifications:
• Certified Information Systems Auditor (CISA)/Certified Information Systems Security.
• Professional (CISSP)
• Certified Internal Auditor (CIA) Part.
• Specialized Knowledge:
• Risk Management.
• Strategic and Business Management.
• Corporate governance.
• IT general and application controls.
• International Professional Practices Framework (IPPF).

Minimum Years of Experience:

• Minimum Six (6) years working experience in similar positions in national and/ or regional and international organization.