Information Systems Auditor

Qualifications and Competencies

• Be a holder of a bachelor’s degree in Computer Science or IT related field.
  
• Should possess professional qualification in Certified Information Systems Auditor (CISA) and/or Certified Information Security Manager (CISM).
  
• Possession of other Cisco certifications such as CCNA and CCSP will be added advantage.
  
• Should have thorough knowledge of current auditing techniques and experience of the entire audit process.
  
• Should possess advanced ACL skills and/or other audit skills.
  
• Should have a minimum of five years’ experience in information systems audit.
  
• Should have excellent analytical skills and great attention to detail.
  
• Should have strong communication and presentation skills.
  
• Should have broad knowledge of information systems and operations in view of the internal audit objectives.
  

• Should be able to work independently, meet deadlines and obtain results.
  

  
  

• In charge of the Information System audit function of the Internal Audit Department.
  
• Develop and implement the annual Information Systems audit plan.
  
• Ensure that the Bank develops and maintains sound Information System policies and procedures that minimize risks without compromising efficiency.
  
• Assess the risks inherent in the bank’s information systems and recommend measures to mitigate them.
  
• Provide system investigation services whenever required.
  
• Evaluate the Bank’s compliance with internal information system policies, procedures and operating instructions.
  
• Conduct regular and surprise inspection of all procedures, policies and processes ensuring that they comply with all statutory requirements and best practice.
  
• Evaluate business continuity and disaster recovery including back up procedures, business continuity and disaster recovery plans, tests, sites, and usability.
  
• Evaluate and report on system infrastructure and life cycle management.
  
• Review system development, acquisition and maintenance.
  
• Ensure change management principles are followed.
  
• Provide support to other assurance processes to ensure the overall opinion incorporates the risks identified in the underlying information systems.
  
• Monitor the implementation & operation of defined controls and recommendations on an ongoing basis.
  
• Assist the Risk department with technical expertise to ensure ICT risks are well managed.