Division: Information Systems Audit
Section / Unit: Information Security Audit
Location / Work station: Times Towers, Haile Selassie Avenue, Nairobi or Other Regional Office
- The job holder is responsible for carrying out reviews of the Authority’s Information System security to ensure that the technology in place and system controls are adequate.
Key Responsibilities / Duties / Task
Managerial / Supervisory Responsibilities
Operational Responsibilities / Tasks
- Execute corporate Information System (IS) and related security audits designed to provide assessment of internal control processes and operational performance, in accordance with the Standards for the Professional Practice of Internal Audit as set forth by the IIA, and department standards.
- Assist in preparing detailed plans for performing individual audits, including the identification of key risks and controls, determination of audit objectives, development of an appropriate audit program, and making the necessary recommendations for staff and budget to complete the project.
- Prepare audit work papers documenting the result of reviews of assigned activities and recommended management action.
- Prepare under minimal supervision draft audit findings on assessment of systems, processes and operations, and management’s planned corrective actions.
- Review internal controls and security of existing systems, systems under development, new information systems and changes to existing systems, as well as major IT projects and initiatives.
- Carry out ad hoc special assignments and investigations.
Responsibility for Physical Assets
- Responsible for physical assets assigned by the institution.
- Makes decisions using standard operational procedures.
- Works predominantly within the office.
Job Competencies (Knowledge, Experience and Attributes / Skills).
- Bachelor's degree in Finance, Accounting, Business, Mathematics, Information Technology
Professional Qualifications / Membership to professional bodies
- Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)
- Membership of ISACA
Previous relevant work experience required.
- A minimum of three (3) years operational IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, software development, project management, or a related field
- Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology.
- Knowledge of Control Objectives for Information and Related Technology, Accepted Auditing Standards, Standards for the Professional Practice of Internal Auditing.
Need to know:
- Analytical skills
- Organizational skills
- Computer proficient
- High level of integrity
- Ability to understand business processes and good awareness of functional relationships of Departments within the Authority.
- Ability to apply audit standards through practical application
- Understanding and ability to apply risk and control concepts.
- Analytical skills.
- Oral and written communication skills.
- Excellent relationship management skills.