Information Systems Auditor Salaam Bank

MAIN PURPOSE OF THE JOB
To perform information systems audits throughout the Bank’s IS Infrastructure Systems and Business Applications including audits of complex computer applications and technological solutions in accordance with the existing IAD Work plan and professional standards on IS auditing, Internal Audit
Methodology, processes, procedures, and timeframes.

KEY RESULTS AREA
Improve efficiency and effectiveness in all areas of audit, inspection, and audit administration throughout Salaam Bank.
Provision of up-to-date information to the Manager, Information Systems Audit on all areas of IT audit, inspection and IT general controls and IT administration within the bank.

KEY RESPONSIBILITIES
• Performing independent risk assessments of all new and existing systems
• Plan and perform risk-based Information Systems audits, in line with Internal Audit Methodology, processes, procedures and timeframes.
Prepare timely audit reports detailing audit findings and recommendations for improvements on procedures and internal controls.
• Providing Information Systems consultancy services for projects undertaken by the Bank ensuring compliance with best practice.
Carry out application/website vulnerability assessment and penetration testing.
• To execute the ICT Audit Annual Plan as approved by Board Audit Committee.
Ensure adequate planning to align IS audits with corporate and business objectives.
• Perform general and application control reviews for simple to complex computer information systems.
Perform information control reviews of system development standards, operating procedures, system security, programming controls, network and infrastructure controls, back up and disaster recovery and system maintenance.
• Perform reviews of internal control procedures and security for system under development.
• Monitor the implementation and operation of defined controls on an ongoing basis.
• Develop and maintain the skills, knowledge and expertise to make valuable contribution to the Internal
• Audit team. Train non IT auditors on basic IT tests and controls
• Write reports on audits conducted
• Follow up on outstanding audit issues for closure.
• Any other job as may be delegated or assigned by management from time to time

Key performance measures
Increase the efficiency with which audits are conducted whilst consistently meeting high quality standards.
To help ensure that technical and business knowledge is shared effectively and that the skills available are applied in an optimum manner
• Average number of days to finish an audit assignment
• Internal Customer service satisfaction rating
• IT risk minimization as a result of process improvement recommendations
• Number of Audit working papers fully prepared in the Audit Teammate System
• Pre-Audit Activities & Engagement Planning
• Execution of Assurance engagements
• Audit Reporting & Post audit activities
• Percentage of an Annual IT Audit Plan completed against the assigned audit
• Proper documentation audit working papers for all the stages of Planning, Execution, Reporting and Follow up.

Important relationships
• Job is both internally and externally focussed, requiring that the individual be highly adaptable
• The job requires relationships be built across the organisation, regionally and in-country at senior level
• The job holder will report to the Manager, Information Systems Audit.
• All regional and cross country forums will require participation to ensure teambuilding and sharing of best practice across the organisation.

Knowledge, experience and personal competencies
Qualification & experience
• Relevant professional experience, preferably BSc. Computer Science or IT related degree.
• IT audit work experience or substantial experience from IT Operations Support or IT Development function.
• Minimum of 2 years of practical audit/IT experience in a commercial banking environment or a large organization at a senior level and preferably in IT Audit.
• IT audit or security related qualification (CISA, CEH, CISM, CISSP, CRISC etc.).
• Experience in auditing operating systems, firewall, etc.

Knowledge
• Experience in risk-based auditing or risk/ control or IT security activities.
• Understands the control, regulatory and risk issues relating to information technology.
• Good understanding of technology and its business application including knowledge of current and emerging issues on technology.
• Specialist knowledge of either Infrastructure and IT processes or auditing business process within a Financial Services organization
• Knowledge in risk assessment & control concepts /methodologies.
• Knowledge in audit tools & techniques including process mapping, control identification & analysis and design of audit tests.

Personal competencies
• A structured approach to dealing with complex and variable work environments in an independent manner.
• Ability to balance opposing business requirements.
• Ability to balance long term and short-term requirements independently
• Strong evaluation, communication and reporting skills
• Strong interviewing, negotiating and presentation skills.
• Able to provide advice and cause/effect evaluation to support business decision making
• Independent and logical thinker, yet an achiever and implementer
• Leads by example
• Good at managing large volumes of information and can add value through management reporting
• Builds relationships and networks easily
• Has strong service ethics