Information Systems Auditor at Metropol Corporation Ltd

About the Job

Metropol is currently seeking a talented professional for the Information Systems Auditor position, reporting to the Head of Internal Audit, Risk & Compliance. The holder will perform detailed evaluation, risk assessment, internal control and audit reviews of computer information systems. S/he will conduct quality assurance in technology acquisition, implementation and sign off of IT projects as well as consultation with management and staff on computer information systems operational issues.

Duties and Responsibilities

• Participate in the formulation and preparation of annual audit scope and work plan.
• Planning and scoping of annual and ad hoc Information Systems (IS) audits in liaison with the Head of Department.
• Conduct IS risk assessments to identify inherent and potential risks and ensure implementation of mitigation measures.
• Preparing detailed IS Audit planning memoranda, audit programs and procedures for each IS audit assignment which may include IS network reviews, Business application systems review, Data management reviews, Database reviews, IS security reviews, IS development and acquisition reviews, IS processes review etc.
• Execute IS audit assignments and document well referenced working papers and evidence for each IS audit assignment in accordance with IS audit standards and best practice to ensure confidentiality, integrity and availability of data and business applications (ISMS ISO 27001, COBIT, ITGC and Application Controls) as well as ensuring that audit findings are closed within agreed timelines.
• Preparation of high-quality audit reports and PowerPoint presentations on IS audits, IS risks and opportunities and discuss the same with audit clients and management.
• Perform information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
• Participate in providing quality assurance, review of internal controls and creation of audit tools to be used by audit staff in conducting audits
• Assist in extraction and analysis of audit data using data analytical tools and CAATs to improve IA department’s efficiency and productivity.
• Assisting and training other audit staff in the use of computerized audit techniques, and in developing methods for review and analysis of computerized information systems.
• Conduct operational, compliance, financial and investigative audits, as assigned.
• Prepare for and conduct risk-based audit programs
• Offer guidance and ensure compliance with established internal control procedure, legislations, policies and procedures
• Completes audit work papers by documenting audit tests, findings and recommendations.
• Maintains internal control systems by updating audit programs and questionnaires; recommending new policies and procedures.
• Perform post-audit follow-up to establish status of implementation of audit recommendation and report on status of audit remediation activities.
• Demonstrate project management skills, manage audits to meet target dates within budgeted hours.
• Manage technology governance methodologies and frameworks.
• Assess technology risk and develop audit and advisory plans.
• Innovate control automation techniques to minimize compliance cost.
• Perform any other related duties as assigned.

Education, Qualifications & Experience:

• A degree from a recognized University preferably in Computer Science or a related field with at least 4 years’ relevant experience.
• Professional qualifications: Certified Information Systems Auditor (CISA), CPA(K) in good standing
• At least 2 years in auditing information systems experience in financial services industry
• Proficient in using computer software and applications (e.g., ACL, TeamMate, Idea, SQL, Ms Office etc.)

Competencies:

• Ability to engage with senior management and staff on audit matters.
• Ability to gather data, compile information, and prepare quality reports.
• Knowledge of risk management frameworks and risk-based auditing
• Knowledge of computer systems development, programming and software requirements for the auditing of computing systems and procedures.
• Knowledge in current technological developments/trends in information systems and information security, ISMS audit standards, IT sector’s laws, regulations, best practices, tools, techniques and audit standards.
• Knowledge of accounting/auditing principles and practices.
• Must have excellent communication, persuasion, analytical and research skills and interact professionally with employees and Directors.
• Demonstrates a dedication to skill enhancement and training.
• Maintains the highest levels of independence, objectivity and integrity.
• Ability to work under minimal supervision

Skills:

• Proven ability to work under pressure and meeting tight deadlines
• Flexible and mature approach with ability to work unsupervised
• Creative and technical problem-solving skills to resolve issues or devise a new approach.
• Excellent problem-solving communication skills.