4. IT AUDIT MANAGER
Reports to: Director of Internal Audit.
Department: Internal Audit
Age Limit: 40
- Degree in computer science, having or working toward a recognized security certification (e.g., CISSP, CISM, GIAC, CISA)
- 3 years’ relevant experience in IT auditing at the managerial level
- 5 years’ relevant experience in IT auditing at other lower levels
Skills and Knowledge
- Advanced computer skills: MS Office, Excel, SQL Server
- Knowledge of information security standards such as NIST, ISO, PCI DSS, COBIT, and associated security controls.
- Knowledge of the IT Security field is required, including all major communications and computing technologies and trends, including significant domestic and international exposure.
- Knowledge and experience in IT risk and compliance management programs related to IT Audit, 3rd Party Risk Management, and Security and Privacy Regulations
- Broad information technology background particularly in IT architecture, systems, and software development, disaster recovery, and operations
- Thorough knowledge of financial services/finance industry policies and industry development
- Thorough knowledge of regulatory requirements as they relate to SACCOs
- Accounting principles and procedures including International Accounting standards and local guidelines
- Investigation and probing skills
- Leadership and audit program management background
- Conceptual and analytical thinker, able to understand, analyze and synthesize complex business and technology issues and strategies.
- Formulate IT audit strategies to improve control efficiencies, manage the development and implementation of an IT Audit Program to ensure the ongoing practice of security and compliance as a process to identify and address systemic control and efficiency issues within Umwalimu Sacco.
- Understand the criticality of business processes with reference to policies and processes. Conduct security risk assessments to proactively identify and minimize the probability of risk occurrences.
- Provide Business and IT management with guidance on IT risk management matters, particularly on application and infrastructure security.
- Responsible for developing and maintaining the IT Risk Assessment under the oversight of the Director of Internal Audit, including identifying areas where business units should consider additional investment and areas internal audit should focus.
- Work with the Finance and ICT, Business Development and Operations, Credit Administration, HR, Legal and Administration departments in reviewing systems and establishing appropriate controls and procedures where they may not exist
- Conduct audits or lead audit teams in performance of IT audits and reviews of systems, applications, and IT processes:
- Perform pre and post-implementation reviews of system implementations or enhancements
- IT security audits (e.g. network, operating system, and data center), including evaluating if security vulnerabilities are properly identified and mitigated.
- Coordinate the scope and performance of these reviews with business units and external security experts.
- Carry out systems audit on the core accounting system and provide liaison to External Auditors in this respect.
- Perform various other reviews of IT management policies and procedures such as change management, business continuity planning/disaster recovery and information security to ensure that controls surrounding these processes are adequate.
- Establish a process for controlling transactions and regularly inspect the institution’s records and processes to ensure that these comply with the policy, statutory and reporting requirements; evolve a scrutiny methodology that ensures compliance and sets standards to be adhered to from time to time
- Develop, build and implement tools to analyze data to improve audit efficiency and effectiveness (including for risk assessments). Ultimately be a source for analytics that business departments adopt to provide business insights or for continuous auditing.
- To perform any other duties as may be assigned by the Director of the Department of Director-General
- Carry out regular and surprise inspections of all processes, policies, and procedures, ensuring that they comply with statutory requirements and best practices guidelines as may be prescribed from time to time by local and global organizations such as the consultative group to assist and other government regulations, prudential guidelines as they may be applicable to MFIS
- Keep abreast of the latest developments in the finance, banking, audit, and accounting fields with a view to enhancing the internal audit function as a key contributor to the institution’s strategy.
- Audit system compatible with the organization’s growth.
- Ensure Core system functionality parameters are secure.
- Adherence to internal controls across the organization.
- Timely and accurate audit and risk reports
- Risk report with a proposed action plan
- Report on productivity and efficiency with recommendations on areas of cost savings and improvements.
- Quarterly reports on quantifiable/verifiable achievements.