Information Technology (IT) Auditor

Responsibilities: 

• Technological innovation process: creates a risk profile for current and future projects with a focus on the company’s experience with those technologies and where it stands in the market.
• Innovative comparison audit: looks at the organization’s ability to innovate compared to competitors and evaluates how well the company produces new products.
• Technological position audit: examines current technology in the organization and future technologies that will need to be adopted.
• Systems and applications:- evaluates whether systems and applications are controlled, reliable, efficient, secure and effective.
• Information processing facilities:- evaluates an organization’s ability to produce applications even in disruptive conditions
• Systems development verifies that systems that are being developed are suited for the organization and meet development standards.
• Management of IT and enterprise architecture: Evaluate the IT organizational structure for information processing.
• Client, server, telecommunications, intranets and extranets:- examines controls on client connected servers and networks.

IT/EBANK

• Engage in systems/applications testing to ensure they meet agreed systems requirements.
• Review IT expense to ensure there is value for money.
• Plan internal audit procedures.
• Monitor the outcome of IT End-of-Day/Month activities
• Ensure that applications & systems are reviewed as planned.
• Coordinate system access administration of the Unit.
• Monitor the review of logs and vulnerability on the network.
• Carryout investigation of system incidents.
• Engage in User Acceptance Test (UAT) for both in-house developed and off the shelf applications.
• Represent the Group in Change Management Committee and review results of approved changes.
• Engage in application certification, implementations & due diligent engagements.
• Support ISO 27001 Information security management system certification,
• Support ISO 20000 IT Service management certification
• Support PCIDSS annual assessment and certification.
• Coordinate ISO 22301 Business Continuity Management System certification
• Evaluate Compliance to data protection. 

Business Service Group & Other Users of Critical Applications

• Follow up on issues raise by the Unit that require BSG attention.
• Engage users on access requirement (access matrix).
• Provide support to end users on system access requirements.
• Engages in user education.

Board Audit Committee & IT Steering Committee

• Attend to the Board Audit committee & IT steering committee enquiries on IT related issues.
• Prepare reports of significant findings to the Board Audit Committee.

Others, Regulatory Authority, Law Enforcement Agency, Other Banks, Vendor & External Auditor

• Answer queries on user activities on the system.
• Attended to Regulatory, External Auditors & Law Enforcements inquires, discrete request on system related issues, electronic fraud and other interbank activities.
• Represent the Group & the Bank in IS/IT Audit/Control/Security related meetings within and outside the Bank.

Competency:

• Minimum of First Degree in any discipline with relevant professional certifications or first degree in a numerate or IT related discipline.
• Relevant professional certifications such as Certified Information Systems Auditor (CISA), International Standard Organisation (ISO) certified, Certified Information Systems Security Professional (CISSP), Qualified Membership of Information Systems Audit & Control Association (ISACA), and Qualified Membership of a Professional Accounting Body, MBA or other IT Certifications and/or a second degree are added advantages.