Latest Jobs at Equity Bank Kenya

Reporting to the Senior Audit Manager Information Systems, the role holder will be responsible for carrying out a detailed evaluation of IT-dependent internal controls and audit review of the bank’s information systems and projects using specified methodology and in accordance with department and professional standards. The position holder will conduct IS audit engagement planning, execution and reporting working closely with IS Audit Managers.

Key Responsibilities:

• The role holder will actively participate in conducting risk assessments during annual planning as well as engagement planning.

• Undertake audit engagements as assigned by the IS Audit Manager and within specific time budgets and quality parameters to achieve the Internal Audit Plan.
• Carry out walkthroughs and document process gaps i.e. carry out risk assessments, develop audit programs or update existing audit programs based on the risk assessments done.
• Adopt the use of Audit Tools (ACL, TeamMate etc) and Core business systems (Finacle CB, Oracle ERP) and other relevant applications to ensure effective and efficient audits.
• Report on audit findings clearly defining the 5Cs i.e. criteria, condition, cause, consequences and corrective action.
• Appraise the soundness, adequacy, application and efficiency of IT enabled controls to mitigate business risks and make recommendations to management to mitigate the risks.
• Act as Team Leader for less complex IS engagements within specified time budget and quality parameters and work as a team member on higher complexity IS engagements.
• Ensure full adoption of Teammate from the creation of project, users, completing working papers, raising issues, sign off and review, compiling reports for discussion with audit clients as well as tracking and validation of audit issues.
• Assess how well the business complies with rules and regulations and inform management on any issues that need to be addressed.
• Prepare special audit and control reports by collecting, analyzing, and summarizing operating information and trends.
• Perform issue tracking and validation to ensure IS audit issues identified are implemented within agreed timelines.
• Prepare periodic status updates on open IS audit issues.

Qualifications

• Bachelor’s degree in Computer Science, Information Technology, or related field from a recognized university.
• Certified Information Systems Auditor (CISA).
• At least 4 years cumulative experience in Information Systems audit or information security from a reputable audit firm or financial institution.
• Excellent understanding of auditing concepts and practices as prescribed in the audit professional standards.
• Strong working knowledge of banking or financial business processes, risk and control environment, supporting business systems and technologies.
• Broad IT expertise with an emphasis on general IT operations, IT enterprise infrastructure and networks, cyber security, data privacy and emerging technologies such as cloud computing.
• In depth Knowledge of common IT platform (operating system, relational databases, network/mobile technologies) including Oracle database, Unix/Linux/Windows.
• Understanding of frameworks, principles, practices, and techniques related to IT operations, cyber security and project delivery e.g. ISO 27000, ISO 20000.
• Audit automation, tools and analyst skills. Experience in the use of TeamMate, SQL scripting and ACL data analytics tools is an added advantage.
• Team leadership and supervision skills with the ability to evaluate risks, articulate issues, develop consensus, raise awareness and recommend practical solutions.
• Good communication and report writing skills.
• Self-driven and ability to work under minimum supervision and demonstrate good level of maturity.
• Team player with strong interpersonal, communication and stakeholder management skills.
• Should have good analytical and problem-solving skills.

Closing: Jan 28, 2023

go to method of application »

Job Purpose: 

Responsible for supporting implementation of the Group Operational Risk Framework (ORMF) and Operational Risk strategy across the Equity Group. The specific responsibilities include but not limited to:

Developing an independent view regarding business units and support functions’ identified material operational risks, design and effectiveness of key controls, and risk tolerance:

• Ensure that operational risks are properly assessed, risk/return and control cost/benefit decisions are made transparently based on this proper assessment and are controlled in accordance with the Group’s risk appetite.
• Proactively conduct Second Line of Defense operational risk assessments to evaluate inherent risks, associated controls and residual risks of changes to products, services, processes and systems.
• Provide balanced and informed assessment of operational risks arising from acquisitions and major change initiatives or Bank/Group projects.
• Recommend changes to the control environment or to business practice where necessary to reduce the level of operational risk exposure to within the Group’s risk appetite.

Challenging the relevance and consistency of the business units and support functions’ implementation of the operational risk management tools, measurement activities and reporting systems:

• Provide oversight over the Risk and Control Self-Assessments conducted by the First Line of Defense. In addition, challenge the completeness of risk identification and control activities, and accuracy of inherent and residual risk ratings across Operational Risk Control Areas within the business units and support functions. Address any significant gaps identified.
• Ensure meaningful Key Risk Indicators (KRIs) are defined and maintained.
• Provide oversight over Risk Events management to ensure timely and complete documentation and escalation of Risk Events. In addition, ensure root cause analysis is completed for significant risk events and control activities/enhancements are identified to prevent future occurrences.  
• Support issue management across business units and support functions by promoting clear tracking and visibility of issues through to closure.
• Partner with relevant stakeholders in Scenario Analysis to identify sources of significant operational risk and need for additional risk management controls or mitigation solutions.
• Act as point of expertise for Operational risk, challenging business units and support functions on emerging and key risk trends.
• Maintain oversight and monitoring of the operational risk management system and the quality of the data therein

Developing and maintaining operational risk management and measurement policies, standards and procedures:

• Design, maintain and effectively communicate operational risk policies, standards and procedures while balancing regulatory requirements and customer experiences to maintain the Group’s risk profile within the overall risk appetite.
• Ensure the ORMF, operational risk policies, standards and procedures are effectively embedded across the Group.

Reviewing and contributing to the monitoring and reporting of the operational risk profile:

• Perform both qualitative and quantitative monitoring and reporting of the Group’s exposure to all types of operational risk, including trend analysis of risk profiles and review of the limits of operational risk regulatory and economic capital. Proactively identify and escalate any operational risks and issues above risk appetite.
• Compile operational risk reports, dashboards and metrics for Executive Management and Board reporting.

Designing and providing operational risk training and instilling risk awareness:

• Promote positive risk culture across the Group by contributing to the development of training materials and delivering training sessions on operational risk for staff.

Qualifications

ACADEMIC QUALIFICATION

Essential

• A bachelor’s degree in a relevant field.

Desirable 

• A master’s degree in business related field 
• A risk management certification such - ORM (PRMIA); or PRM (PRMIA); or CORM (IRM) or FRM (GARP) among others.
• IT Risk related certification such as CRISC desired

Closing: Jan 24, 2023