Supervisor – Information System at Kenya Revenue Authority (KRA)

Job Purpose

The job holder is responsible for carrying out review of the Authority’s Information System security to ensure technology in place and system controls are adequate

Key Responsibilities 

Operational Responsibilities / Tasks

• Execute corporate Information System (IS) and related security audits designed to provide assessment of internal control processes and operational performance, in accordance with the Standards for the Professional Practice of Internal Audit as set forth by the IIA, and department standards.
• Assist in preparing detailed plans for performing individual audits including the identification of key risks and controls, determination of audit objectives, development of an appropriate audit program and make necessary recommends for staff and budget to complete the project
• Prepare audit work papers documenting the result of reviews of assigned activities and recommended management action.
• Prepare under minimal supervision draft audit findings on assessment of systems, processes and operations, and management’s planned corrective actions.
• Reviews of internal controls and security of existing systems, under development, new information systems and system changes on existing systems as well as major IT projects and initiatives.
• Carrying out ad hoc special assignments and investigations
• Contribute to and responsible for risk management and internal control within functional area.
• Support the development and updating of departmental risk register, identification and assessment of risks in operational areas, and contribute to risk mitigation.

Job Dimensions

Responsibility for Physical Assets

Responsible for physical assets assigned by the institution

Decision Making

Makes decisions using standard operational procedures

Working Conditions:

Works predominantly within the office

Job Competencies (Knowledge, Experience and Attributes / Skills)

Academic Qualifications

• Bachelor’s degree in Finance, Accounting, Business,  Mathematics, Information Technology

Professional Qualifications / Membership to professional bodies

• Certification as a Certified Information Systems Auditor (CISA)
• Membership of  ISACA or IIA

Previous relevant work experience required.

• At least three (3) years’ work experience. At least one (1) out of the 3 years should have been in operational IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, software development, project management, or a related field.
• Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology.
• Knowledge of Control Objectives for Information and Related Technology, Accepted Auditing Standards, Standards for the Professional Practice of Internal Auditing.

Need to know:

• Analytical skills
• Organizational skills
• Computer proficient

Attributes:

• High level of integrity
• Ability to understand business processes and good awareness of functional relationships of Departments within the Authority.
• Ability to apply audit standards through practical application
• Understanding and ability to apply risk and control concepts.
• Analytical skills.
• Oral and written communication skills.
• Excellent relationship management skills.