Manager, Information Systems Audit at I&M Bank

Job Purpose

The role holder is responsible for delivering the annual information systems audit plan which focuses on integrity, confidentiality, and availability of information by ensuring appropriate security controls are in place as well as compliance to internal and external requirements. This role is responsible for ensuring that they advise the Deputy General Manager, Internal Audit on assurance coverage of all IS related risks across the banks entire IT infrastructure.

Primary Responsibilities

• Provide input to the Deputy General Manager, Internal Audit in preparing the annual audit plan for approval by the BAC. This is through developing and delivering a comprehensive information systems audit plan that aligns with the bank’s risk management strategy.
• Evaluate the effectiveness of information security controls to protect against unauthorized access, modification, or data loss.
• Ensure compliance with relevant legal, regulatory, and internal requirements pertaining to information systems security and data protection.
• Provide expert advice to the Deputy General Manager, Internal Audit, on the assurance coverage of information systems-related risks, spanning the entirety of the bank’s IT infrastructure.
• Review for adequacy work done by the team in planning such as documents review, prior reports, data analysis, interviews/walkthroughs, risk assessment, sampling, and all related planning items.
• In liaison with the Group IS audit lead, develop a planning document and obtain agreement from the Deputy General Manager, Internal Audit on the audit objectives, audit methodology and scope of work as well as key risk areas for review on each assignment.
• Perform quality assurance to ensure that all evidence and working papers meet the standards required to support the audit findings, root causes, risks, recommendations, and conclusions.
• Monitor the audit progress and timescale per the planning memo. Assess with the team, areas of improvement on the effectiveness and efficiency of the audit procedures.
• Conduct special audits as well as functions that undergo significant change, and draft suitable audit reports.
• Ensure that key weaknesses and existing/potential risks are highlighted and well-presented before approval and final report issuance.
• Probe audit clients for correct root causes and relevant management actions.
• Lead follow up on post-exit clarifications and management actions.
• Determine training needs in liaison with the team and on agreement with the Deputy General Manager, Internal Audit, assign appropriate learning programs.
• Serve as an on-going subject matter expert in information security controls and technologies.

 Person Specifications

 Academic qualifications

• A Bachelor’s degree in Computer Science, Information Technology or related discipline.

Professional qualifications

• Certified Information System Auditor (CISA), CISM, CRISC or equivalent; or studies towards attainment of such qualifications.
• ISACA Member.
• A CIA qualification will be an added advantage.

 Work Experience

• Over four (4) years’ relevant experience with over a year in a senior management role in a similar sized organization.

 Skills & Attributes

• Planning & Organizational skills.
• Analytical skills and attention to detail.
• Strong oral and written communication skills.
• Interpersonal skills to manage stakeholders at all levels.
• Ethics and integrity
• Excellent judgment and analytical abilities and impeccable integrity.
• Strong commercial awareness and an ability to connect to business goals.
• Banking Knowledge.
• Risk Knowledge.
• Audit Knowledge.
• Data analytics.