IT Auditor

Responsibilities:

• Creates a risk profile for current and future projects with a focus on the company’s experience with those technologies and where it stands in the market.
• Looks at the organisation’s ability to innovate compared to competitors and evaluates how well the company produces new products.
• Examines current technology in the organisation and future technologies that will need to be adopted.
• Evaluates whether systems and applications are controlled, reliable, efficient, secure and effective.
• Evaluates an organisation’s ability to produce applications even in disruptive conditions
• Verifies that systems that are being developed are suited for the organization and meet development standards.
• Evaluate the IT organizational structure for information processing.
• Examines controls on client connected servers and networks.

IT/EBank:

• Monitor the outcome of IT End-of-Day/Month activities.
• Ensure that applications & systems are reviewed as planned Coordinate system access administration of the Unit.
• Monitor the review of logs and vulnerability on the network.
• Engage in systems/applications testing to ensure they meet agreed systems requirements.
• Review IT expense to ensure there is value for money.
• Plan internal audit procedures.
• Carryout investigation of system incidents.
  
• Engage in User Acceptance Test (UAT) for both in-house developed and off the shelf applications.
  
• Represent the Group in Change Management Committee and review results of approved changes.
  
• Engage in application certification, implementations & due diligent engagements.
  
• Support ISO 27001 Information security management system certification,
  
• Support ISO 20000 IT Service management certification
  
• Support PCIDSS annual assessment and certification.
  
• Coordinate ISO 22301 Business Continuity Management System certification
  
• Evaluate Compliance to data protection.        

Business Service Group & Other Users of Critical  Application:

• Follow up on issues raise by the Unit that require BSG attention.
  
• Engage users on access requirement (access matrix).
  
• Provide support to end users on system access requirements.
  
• Engages in user education.
  

Board Audit & IT Steering Committee:

• Attend to the Board Audit committee & IT steering committee enquiries on IT related issues.
  
• Prepare reports of significant findings to the Board Audit Committee.
  

Regulatory Authority, Vendors & External Auditors:

• Answer queries on user activities on the system.
  
• Attend to Regulatory, External Auditors & Law Enforcements inquires, discrete request on system related issues, electronic fraud and other interbank activities.
• Represent the Group & the Bank in IS/IT Audit/Control/Security related meetings within   and outside the Bank

Requirements:

• Minimum of First Degree in any discipline with relevant professional certifications or first degree in a numerate or IT related discipline.
  
• Relevant professional certifications such as Certified Information Systems Auditor (CISA), International Standard Organization (ISO) certified, Certified Information Systems Security Professional (CISSP), Qualified Membership of Information Systems Audit & Control Association (ISACA), and Qualified Membership of a Professional Accounting Body, MBA or other IT Certifications and/or a second degree are added advantages.

Competency:

• Knowledge of a Mortgage Bank’s structure, operations, policies and procedures.
  
• Knowledge of a Mortgage Bank’s products and services.
  
• Knowledge of ethics and fraud related issues
  
• Knowledge of corporate governance
  
• Knowledge of tax operations/regulations.
  
• Knowledge of relevant financial reporting standards.
  
• Knowledge of a Mortgage Bank’s banking applications and channels.
  
• Working relationship with Law Enforcement Agencies and other banks.
  
• Knowledge of System Access Control.
  
• Knowledge of system architecture and security.
  
• Knowledge of controls that have been put in place in the Banks operating environment.
  
• Knowledge of the principle of Audit & control, Risk Base Audit and Risk Assessment process.
  
• Knowledge of the principle of dual control.
• Knowledge of Database Management Systems.
  
• Knowledge of Query languages (e.g., SQL)

Skills: 

• Technical understanding of IT applications infrastructure.
• Understanding of IT Governance framework (COBIT).
• Knowledge of Electronic Fund transfer & Payment (EFT/P) mechanism.
• Understanding of IT/IS Audit processes, standards and application of benchmarks.
• Computer Appreciation Skills (Ability to work with word processing, Spreadsheet applications).
• Compliance monitoring.
• Quality Assurance Skills.
• Candidate Abilities & Personality Profile.