Job Description: Responsibilities & Requirements
Job Purpose:
- Carry out audits and reviews of the Cyber & Information Security, Network and Infrastructure hosted by the institution
- Carry out other duties that may be assigned (ARRs, follow-ups etc.)
- Independent assessment of the effectiveness of Information Systems risk management process and practices
- Information Systems Audit Objectives
- Information Systems Risk reviews.
- Provide assurance to the Board and Management on key risks and their management
JOB PRINCIPAL ACCOUNTABILITIES (Key tasks and indicate any additional activities arising from the job)
Information Systems Auditor:
- Carry out the periodic audit of information systems hosted by the institution and Group operations & Technology done in line with the approved Audit plan.
- Conduct audit and risk reviews of information systems including the following:
- UNIX AIX and Windows operating systems
- Portable devices such as laptops, notepads, smartphones, and blackberry phones
- Data backup/storage, security, availability, integrity, classification and retention
- Windows Office applications including email
- Windows domain controller
- Assess the risk and security exposures associated with all software applications and databases used for the facilitation of banking services to the bank’s customers across all affiliates.
- Assess risk associated with the strategic planning and management of the activities of the information technology platforms in Accra and Lagos.
- Assess risks associated with Information Security, IT Security, business continuity and disaster recovery planning
- Assess risks associated with data security, portable devices, windows office applications and domain controller
- Conduct audit and risk reviews of the following Network and Communication Systems but not limited to:
- The institution’s network and communication platforms
- Routers
- Firewalls
- IDS / IPS
- Switches
- Voice / Data / Video
- Conduct audit and risk reviews of Infrastructure including the following:
- Data Centers i.e. Accra, and Lagos
- Network and Internet Security
- Cloud computing
- Design / update I.S Audit programs and checklists for Networks, Communications and Infrastructure in line with international standards and new technology developments within the Group
- Plan and execute risk-based audit of Networks, Communications and Infrastructure
- Monitor and escalate key risk issues
- Carry out ad-hoc reviews
- Perform periodic IS Risk Assessments and maintain a technology risk map for institution and Group Operations & Technology
- Review and evaluate new technology products/services and associated risks.
- Independent participation in the review and evaluation of projects related to various information systems. networks, communications and infrastructure
- Share audit findings and recommendations for corrective action to the head of audit for management.
- Issue draft report within 10 days after completion of all audit assignments.
- Conduct training for colleagues (auditors), in order to improve the knowledge in auditing and enforcing controls in the IT systems.
- Assist in the preparation of quarterly board papers.
- Special Assignments and reviews.
- Perform other tasks that may be assigned by the Head of Audit and Audit Manager, eProcess & EGH
ADVERTISEMENT
CONTINUE READING BELOW
JOB CONTEXT
Audit Risk Reviews:
- Conduct audit risk review of critical platforms and the institution’s operations and issue report on findings
- Test to see if controls are working as they should
- Assist to provide reasonable assurance to management that risk identified are being managed.
JOB DIMENSION
Audit Risk Reviews:
- Provide trend analysis on key risks and recommend solutions
- Interact with all levels of staff, giving feedback on risk and control issues identified during audit reviews
- Provide advisory services to Functional Heads on risk and control weaknesses affecting their respective areas.
- Escalating risk and control issues and concerns to the head of audit for management attention.
- Assist in educating staff on risk the company is exposed to.
JOB SKILLS/EXPERIENCE
Experience:
- At least six (6) years of hands on database and technology application management and related fields
- Developed a broad and deep knowledge of all operational systems and to perform periodic audits required to enhance operational efficiencies
- Ability to review Network performance by monitoring network devices(routers and switches etc.); evaluating and providing recommendations for resolving network issues; management of network tools; and providing advisory services.
- Ability to assess Network design and provide expert advice to network, operations, and technical support teams
- Ability to review IT Security Framework Design and Implementation.
- Ability to access Security Policy Design, Infrastructure Design and Analysis.
- Ability to perform Identity Management, Firewalls Security Reviews.
- Understanding and use of CAATs for analytics (e.g. ACL).
- Understanding of Risk Assessment Tools and Methodology.
- Proficiency in the use of Structured Query Language (SQL).
- Some programming and/or advanced database skills required.
- Knowledge of audit procedures and institution’s procedures and information technology standards.
- Knowledge of global banking systems, and systems of controls within the banking environment.
- The incumbent must be detail oriented with an eye for precision
- Ability to assess network performance by developing a protocol for measurement of results and identification of problem areas.
- Excellent written and verbal communication skills with good presentation skills
- Strong planning and execution skills; ability to set priorities and work under pressure
- Ability to interact and present ideas effectively to all levels of staff
- High level of logical and analytical thinking
- Risk-based audit techniques
Education:
- University degree in Computer Engineering and Information Technology or related fields
- Equivalent professional qualification in Information Systems Security and/or Audit
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional(CISSP)
- Cisco Certify Network Associate (CCNA)
- Cisco Certified Network Professional (CCNP) +
- CompTIA Network++
ADVERTISEMENT
CONTINUE READING BELOW
Personal Attributes:
- Organization
- Discretion
- Vigilance
- Integrity
- Rigour
- Courtesy
- Good communication skills
- Availability
- Ability to work without supervision.
« Go back to the jobs list
RELATED JOBS >> CLICK A JOB BELOW TO VIEW & APPLY
Job Purpose:
- Carry out audits and reviews of the Cyber & Information Security, Network and Infrastructure hosted by the institution
- Carry out other duties that may be assigned (ARRs, follow-ups etc.)
- Independent assessment of the effectiveness of Information Systems risk management process and practices
- Information Systems Audit Objectives
- Information Systems Risk reviews.
- Provide assurance to the Board and Management on key risks and their management
JOB PRINCIPAL ACCOUNTABILITIES (Key tasks and indicate any additional activities arising from the job)
Information Systems Auditor:
- Carry out the periodic audit of information systems hosted by the institution and Group operations & Technology done in line with the approved Audit plan.
- Conduct audit and risk reviews of information systems including the following:
- UNIX AIX and Windows operating systems
- Portable devices such as laptops, notepads, smartphones, and blackberry phones
- Data backup/storage, security, availability, integrity, classification and retention
- Windows Office applications including email
- Windows domain controller
- Assess the risk and security exposures associated with all software applications and databases used for the facilitation of banking services to the bank’s customers across all affiliates.
- Assess risk associated with the strategic planning and management of the activities of the information technology platforms in Accra and Lagos.
- Assess risks associated with Information Security, IT Security, business continuity and disaster recovery planning
- Assess risks associated with data security, portable devices, windows office applications and domain controller
- Conduct audit and risk reviews of the following Network and Communication Systems but not limited to:
- The institution’s network and communication platforms
- Routers
- Firewalls
- IDS / IPS
- Switches
- Voice / Data / Video
- Conduct audit and risk reviews of Infrastructure including the following:
- Data Centers i.e. Accra, and Lagos
- Network and Internet Security
- Cloud computing
- Design / update I.S Audit programs and checklists for Networks, Communications and Infrastructure in line with international standards and new technology developments within the Group
- Plan and execute risk-based audit of Networks, Communications and Infrastructure
- Monitor and escalate key risk issues
- Carry out ad-hoc reviews
- Perform periodic IS Risk Assessments and maintain a technology risk map for institution and Group Operations & Technology
- Review and evaluate new technology products/services and associated risks.
- Independent participation in the review and evaluation of projects related to various information systems. networks, communications and infrastructure
- Share audit findings and recommendations for corrective action to the head of audit for management.
- Issue draft report within 10 days after completion of all audit assignments.
- Conduct training for colleagues (auditors), in order to improve the knowledge in auditing and enforcing controls in the IT systems.
- Assist in the preparation of quarterly board papers.
- Special Assignments and reviews.
- Perform other tasks that may be assigned by the Head of Audit and Audit Manager, eProcess & EGH
ADVERTISEMENT
CONTINUE READING BELOW
JOB CONTEXT
Audit Risk Reviews:
- Conduct audit risk review of critical platforms and the institution’s operations and issue report on findings
- Test to see if controls are working as they should
- Assist to provide reasonable assurance to management that risk identified are being managed.
JOB DIMENSION
Audit Risk Reviews:
- Provide trend analysis on key risks and recommend solutions
- Interact with all levels of staff, giving feedback on risk and control issues identified during audit reviews
- Provide advisory services to Functional Heads on risk and control weaknesses affecting their respective areas.
- Escalating risk and control issues and concerns to the head of audit for management attention.
- Assist in educating staff on risk the company is exposed to.
JOB SKILLS/EXPERIENCE
Experience:
- At least six (6) years of hands on database and technology application management and related fields
- Developed a broad and deep knowledge of all operational systems and to perform periodic audits required to enhance operational efficiencies
- Ability to review Network performance by monitoring network devices(routers and switches etc.); evaluating and providing recommendations for resolving network issues; management of network tools; and providing advisory services.
- Ability to assess Network design and provide expert advice to network, operations, and technical support teams
- Ability to review IT Security Framework Design and Implementation.
- Ability to access Security Policy Design, Infrastructure Design and Analysis.
- Ability to perform Identity Management, Firewalls Security Reviews.
- Understanding and use of CAATs for analytics (e.g. ACL).
- Understanding of Risk Assessment Tools and Methodology.
- Proficiency in the use of Structured Query Language (SQL).
- Some programming and/or advanced database skills required.
- Knowledge of audit procedures and institution’s procedures and information technology standards.
- Knowledge of global banking systems, and systems of controls within the banking environment.
- The incumbent must be detail oriented with an eye for precision
- Ability to assess network performance by developing a protocol for measurement of results and identification of problem areas.
- Excellent written and verbal communication skills with good presentation skills
- Strong planning and execution skills; ability to set priorities and work under pressure
- Ability to interact and present ideas effectively to all levels of staff
- High level of logical and analytical thinking
- Risk-based audit techniques
Education:
- University degree in Computer Engineering and Information Technology or related fields
- Equivalent professional qualification in Information Systems Security and/or Audit
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional(CISSP)
- Cisco Certify Network Associate (CCNA)
- Cisco Certified Network Professional (CCNP) +
- CompTIA Network++
ADVERTISEMENT
CONTINUE READING BELOW
Personal Attributes:
- Organization
- Discretion
- Vigilance
- Integrity
- Rigour
- Courtesy
- Good communication skills
- Availability
- Ability to work without supervision.