Senior Systems Audit Officer at Development Bank of Kenya

Job Purpose

To provide independent assurance that the Banks risk management, governance and internal control processes are operating effectively. Risk based planning and conducting of information systems audits. It involves evaluating design, implementation and effectiveness of controls for all core business systems and processes: –

Key Duties and Responsibilities

• Preparing an annual audit plan: Involves coming up with an annual plan of the audit universe for all audit activities for the entire year.
• Audit engagement preparation: Involves doing an audit memo, developing an audit plan and an audit program for a specific audit area. The memo leads to an entry meeting with the auditees.
• Audit assignment: Involves carrying out an audit activity in a selected area in accordance with the annual plan.
• Reporting: Develop and issue concise draft reports that present findings, recommendations and management response
• Perform information system control reviews to include periodic system vulnerability testing, system development standards, operating procedures, system security, programming controls, communication controls, backup and DR/BCP testing, and system maintenance
• Perform reviews of internal control procedures and security for systems under development and/or enhancements to current systems
• Follow-up on audit recommendations and actions taken ensuring that they are addressed and appropriate management
• Exit meeting and follow up: Involves discussing the findings with the auditees and agree on action points and follow up schedules on implementations
• Keep abreast with the latest technology security trends and provide input to mitigate emerging threats.

Job Requirements and Experience

For appointment to this grade, a candidate must have:

• Bachelor’s degree in a Computer Science, Information Systems Management, Business Administration or related fields
• Masters or related qualification from a recognized university is an added advantage.
• Qualified Certified Information Systems Auditor (CISA)
• Having or pursuing other qualifications such as CISM, CIA, CPA (K), ACCA or ACIB would be an advantage.
• Qualifications in data analysis and CAATs would be an added advantage.
• Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Risk and Information Systems Control (CRISC), Certified Ethical Hacker (CEH) are all important
• 3 years of information systems audit related experience.
• Excellent knowledge in Systems Audit Procedures, Audit reporting, Computer networks and risks, Cybersecurity risks and solutions, Data analytics. Vulnerability assessment. And technology landscape, emerging tech and threats.
• An understanding of technology risks is essential
• Possess a thorough knowledge of accounting procedures and a sound judgement.
• Proven knowledge of auditing standards and procedures, laws, rules and regulations
• Compliance and Regulatory Framework: understanding of the regulatory issues, reporting and operational requirement as provided by CBK, KRA, KBA.

Competencies and Skills

• High attention to detail and excellent analytical skills
• Sound independent judgement
• Good communication skills.
• Interpersonal and teamwork skills.
• Innovativeness and problem-solving skills.
• Knowledge of the Banking processes.
• Financial and accounting skills.
• Organizational skills
• Report writing skills.
• Information technology skills.
• Ability to manipulate large amounts of data and to compile detailed reports
• Ability to perform control reviews on systems development, operation, programming, control and security procedures and standards.
• Ability to maintain the highest level of confidentiality and accuracy in all the departments’ correspondence and procedures.