Internal Auditor – ICT
PURPOSE:
The bearer of the role is
responsible for the execution of audits/assessments of IT processes against
leading practices, frameworks and common standards (e.g. CoBIT, ITIL, HIPAA,
ISO 27001/02).
S/He is expected to
participate in the preparation and implementation of annual ICT work plans and
budgets.
Duties &
Responsibilities
- Participate
in IT Assurance/Audits – including the execution of evaluation and design
of IT controls (e.g. application & general controls) by carrying out
independent tests and assessments of compliance with the policies,
procedures and regulations as per the approved annual work plans plus
audit tasks assigned to other areas;
- Assist
in monitoring ICT infrastructure and identifying areas of internal control
weaknesses and non-compliance within procedures and provide sound and
practical recommendations to management;
- Provide
value adding recommendations and supporting in the creation of policies
and the automation of procedures and processes to ensure an appropriate
level of internal controls, standards to efficiency and compliance is
maintained;
- Performing
risk assessments and proactively identifying risks on all new and existing
ICT systems to improve internal controls and operational effectiveness and
efficiency;
- Assist
in carrying out technical audit of projects, and projects’ readiness
controls and practices;
- Prepare
ICT internal audit reports – presenting clear, concise and timely internal
audit working papers;
- Review
implementation of previous audit findings and ensuring deliverables are on
time and up to the expected standards;
- Contribute
to developing and maintaining productive working relationships with the
business; and
- Work
effectively as a team member: providing support, maintaining communication
and updating senior team members and management on progress.
Academic Qualifications
- Bachelor’s
degree in Information Systems, Information Technology or Computer Science
with a strong quantitative focus
Professional
Qualifications
- Professional
certification: Certified Information Systems Auditor (CISA).
- (Certified
Information Security Manager (CISM), ISO 27001 Information Security
Management System and Certified Internal Auditor (CIA) are added
advantages)
- Be
a member in good standing of Information Systems Audit and Control
Association (ISACA) or other related professional body.
- Good
understanding of guidelines and standards as prescribed in IIA-IPPF, ISACA
ITAF.
- Good
working knowledge of Computer Assisted Audit Techniques (CAATs) and data
analytics tools.
Experience
- Minimum
of six (6) years of experience in information systems audit/security
and/or data analytics related area for IT Auditors; and
- Background
in IT operations preferred, with demonstrable business concepts,
distributed networks, excellent scripting abilities, database design and
management experience required.
Skills and Attributes
- Knowledge
of current technological developments/trends in area of expertise and
knowledge of software requirements for audit of systems procedures
- Ability
to work independently with minimum supervision
- Excellent
communication skills – written, oral, presentation, report writing
- Strong
decision making skills
- Critical
thinking
- Ability
to maintain highest levels of integrity and objectivity
- Confidentiality
- Willingness
to learn and continuously expand technical and business skills in all areas
- Flexibility
in mobility
How to Apply
If you have the
aforementioned professional and academic qualifications and you are ready to
execute the above mandate, strictly apply through: https://cic.co.ke/career/ clearly
indicating the position being applied for. The application should reach us by
close of business on 2nd February, 2023. Please
note only short listed candidates will be contacted. If you do not hear from us
by 1st March,2023 consider
your application unsuccessful.
N/B: This job advert is
open to both internal and external candidates.