IT Auditor

Position: IT Auditor

Reports to: Chief Internal Auditor

Department: Audit Department

Experience: At least three years’ relevant working experience in IT and Risk management

Closing Date: 2025-02-14

To conduct IT audits of the Bank’s IT controls, operations, risk management and governance processes and report matters to Chief Internal Auditor for further action.

• Assist in developing the IT Audit plan as part of the Annual Audit Programme.
• Participating in identifying a comprehensive set of auditable areas ("audit – universe") for technology and cyber risks and performing an effective risk assessment during audit planning.
• Continuously review and report on ICT systems controls and cyber risks within the bank and other related third-party connections.
• Assessing both the design and effectiveness of technology and cyber risk management framework implemented.
• Conducting reviews to ensure that regular independent threat and vulnerability assessment tests are conducted.
• Developing appropriate audit tests aimed at addressing identified IT risks and achieving the desired audit objectives to provide assurance that the IT risks are effectively managed or mitigated.
• Conducting assigned audits including planning, evaluating, and documenting the results, reporting and follow up in accordance with the annual audit plan.
• Prepare clear and concise audit reports on audit findings, detected non-compliance with bank policies, guidelines, statutory requirements, and procedures for discussion with management before final reports are issued for corrective action.
• Collaborate and follow up on all IT issues arising from internal audits and other reviews and secure compliance with the agreed recommendations within the relevant time frame.
• Conduct investigations into reported or suspected frauds and forgeries as may be assigned.
• Take a lead in supporting Internal Audit Department to optimize the use of tools/audit software by providing internal support services to all users when necessary.
• Exercise due professional care in performing audit work, including reviewing operating efficiency and making recommendations for cost reductions and earnings improvement.
• Continuous professional development through self-training, association with professional bodies, participation in recommended courses and in-house training.
• Any other duties assigned by the supervisor in line with the role.

• Bachelor’s degree in information systems/technology, computer science or related field from a recognized university.
• Possession of relevant professional qualifications/certifications – Certified Information Systems Auditor (CISA). Others such as Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Certified Information Systems Security Professional (CISSP) or the equivalent will be an added advantage.

• At least three years’ relevant working experience in IT and Risk management area.
• Experience of the banking and IT environment is an added advantage.

• Possess technical knowledge in information systems (Including but not limited to Information security, Application controls, IT Projects, Computer Networks, Databases, Operating systems).
• Having knowledge in accounting and operational audit fields will be an added advantage.
• Strong interpersonal skills and a good team player.
• Commendable analytical skills in evaluating data and information.
• Ability to work under pressure.