Supervisor -Information Security Audit at Kenya Revenue Authority (KRA)

Division:               Information Systems  Audit

Section / Unit:    Information Security Audit

Location / Work station: Times Towers, Haile Selassie Avenue, Nairobi or Other Regional Office

Reporting Relationships

Job Purpose

• The job holder is responsible for carrying out review of the Authority’s Information System security to ensure technology in place and system controls are adequate.

Key Responsibilities / Duties / Task

Managerial / Supervisory Responsibilities

• N/A

Operational Responsibilities / Tasks

• Execute corporate Information System (IS) and related security audits designed to provide assessment of internal control processes and operational performance, in accordance with the Standards for the Professional Practice of Internal Audit as set forth by the IIA, and department standards.
• Assist in preparing detailed plans for performing individual audits including the identification of key risks and controls, determination of audit objectives, development of an appropriate audit program and make necessary recommends for staff and budget to complete the project
• Prepare audit work papers documenting the result of reviews of assigned activities and recommended management action.
• Prepare under minimal supervision draft audit findings on assessment of systems, processes and operations, and management’s planned corrective actions.
• Reviews of internal controls and security of existing systems, under development, new information systems and system changes on existing systems as well as major IT projects and initiatives.
• Carrying out ad hoc special assignments and investigations

Responsibility for Physical Assets

• Responsible for physical assets assigned by the institution.

Decision Making:

• Makes decisions using standard operational procedures.

Working Conditions:

• Works predominantly within the office.

Job Competencies (Knowledge, Experience and Attributes / Skills).

Academic Qualifications

• Bachelors degree in Finance, Accounting, Business,  Mathematics, Information Technology

Professional Qualifications / Membership to professional bodies

• Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)
• Membership of  ISACA

Previous relevant work experience required.

• A minimum of three (3) years operational IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, software development, project management, or a related field
• Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology.
• Knowledge of Control Objectives for Information and Related Technology, Accepted Auditing Standards, Standards for the Professional Practice of Internal Auditing.

Financial Responsibility:

Need to know:   

• Analytical skills
• Organizational skills
• Computer proficient

Attributes:

• High level of integrity
• Ability to understand business processes and good awareness of functional relationships of Departments within the Authority.
• Ability to apply audit standards through practical application
• Understanding and ability to apply risk and control concepts.
• Analytical skills.
• Oral and written communication skills.
• Excellent relationship management skills.