Manager, Information Systems Audit at I&M Bank

Job Purpose:

• The role holder is responsible for delivering the annual Information Systems (IS) audit plan, with a focus on integrity, confidentiality, and availability of information. This includes evaluating the effectiveness of security controls and ensuring compliance with both internal policies and external regulatory requirements.
• The role also ensures adequate assurance coverage of IS-related risks across the bank’s entire technology infrastructure, in alignment with Governance, Risk, and Compliance (GRC) frameworks. The role holder also advises the Deputy General Manager, Internal Audit, on audit coverage, emerging risk trends, and the maturity of control environments.

Key Responsibilities:

• Provide input to the Deputy General Manager, Internal Audit, in preparing the annual audit plan for approval by the BAC. This is through review of prior audit reports, incidents within the consulting areas, financial performance, risk areas in projects, products, strategy, and areas specially requested by process owners.
• Review work done by the team in planning, such as document review, prior reports, data analysis, walkthroughs, risk assessments, and all related planning items. 
• Review the audit planning memo for target assignments to determine that all relevant planning bases have been covered as per the audit planning manual. 
• Prepare an audit planning memorandum and obtain agreement from the Deputy General Manager, Internal Audit, on the audit objectives, audit methodology, and scope of work, and key risk areas for review on each assignment.
• Evaluate audit tests prepared and ensure they address identified risks and will achieve the desired audit objectives. Continuously monitor the tests for efficiency and effectiveness.
• Perform quality assurance to ensure that all evidence and working papers meet the standards required to support audit findings, root causes, risks, recommendations, and conclusions.
• Monitor the audit progress and timescale per the planning memo. Assess with the team, areas of improvement on the effectiveness and efficiency of the audit procedures. 
• Lead / Conduct special audits, including reviews of functions undergoing significant change, and draft suitable audit reports. 
• Ensure that key weaknesses and existing or potential risks are highlighted and well-presented before final report approval and issuance.
• Engage audit clients to establish correct root causes and establish relevant management actions. 
• Present IS audit findings and assurance reports to relevant stakeholders, coordinate post-audit surveys, and support special audits involving information systems.
• Lead the follow-up on post-exit clarifications and status of management actions.
• Assess training needs in consultation with the team and with agreement with the Deputy General Manager, Internal Audit, assign appropriate learning programs.
• Serve as an ongoing subject matter expert on information security controls and technologies.

Academic Qualifications:

• Bachelor's in information systems / computer science / IT / Business-related field, or equivalent.
• Master’s (MBA, MSc Information Systems/ Information Security / IT/ IT-related field (added advantage).

Professional Qualifications / Membership to professional bodies/ Publication: 
Professional Qualifications:

• Certified Information Systems Auditor (CISA) – required.
• One (1) of: CISM/ CRISC/ CGEIT /CIA /ISO/IEC 27001 Lead Auditor or Lead Implementer/ CISSP.
• CIAQA / CCNA/ CPA /CEH / CHFI (added advantage).

Membership Affiliations:

• Information Systems Audit and Control Association (ISACA).
• Institute of Internal Auditors (IIA).

Work Experience Required:

• Over Seven (7) years’ relevant experience with over a year in a management role in a similar-sized organization.

Competencies:

• Planning & Organizational skills.
• Analytical skills and attention to detail.
• Strong oral and written communication skills.
• Interpersonal skills to manage stakeholders at all levels. 
• Ethics and integrity.
• Excellent judgment and analytical abilities, and impeccable integrity.
• Strong commercial awareness and an ability to connect to business goals.
• Banking Knowledge.
• Strong understanding of enterprise, technology, and operational risk management.