Head, Information Technology (IT) Auditor at Jubilee Life Mortgage Bank

Job Summary

• Provide adequate assurance on the Banks Information Assets by ensuring that adequate controls exist across the Banks IT infrastructure as well as ensuring that all IT processes are in line with the Banks policies and processes.

Principal Duties and Responsibilities

• Technological innovation process: creates a risk profile for current and future projects with a focus on the company’s experience with those technologies and where it stands in the market.
• Innovative comparison audit: looks at the organisation’s ability to innovate compared to competitors and evaluates how well the company produces new products.
• Technological position audit: examines current technology in the organisation and future technologies that will need to be adopted.
• Systems and applications:- evaluates whether systems and applications are controlled, reliable, efficient, secure and effective.
• Information processing facilities:- evaluates an organisation’s ability to produce applications even in disruptive conditions
• Systems development verifies that systems that are being developed are suited for the organisation and meet development standards.
• Management of IT and enterprise architecture: Evaluate the IT organisational structure for information processing.
• Client, server, telecommunications, intranets and extranets:- examines controls on client connected servers and networks.

IT / E-Bank:

• Engage in systems/applications testing to ensure they meet agreed systems requirements.
• Review IT expense to ensure there is value for money.
• Plan internal audit procedures.
• Monitor the outcome of IT End-of-Day/Month activities.
• Ensure that applications & systems are reviewed as planned.
• Coordinate system access administration of the Unit.
• Monitor the review of logs and vulnerability on the network.
• Carryout investigation of system incidents.
• Engage in User Acceptance Test (UAT) for both in-house developed and off the shelf applications.
• Represent the Group in Change Management Committee and review results of approved changes.
• Engage in application certification, implementations & due diligent engagements.
• Support ISO 27001 Information security management system certification,
• Support ISO 20000 IT Service management certification,
• Support PCIDSS annual assessment and certification.
• Coordinate ISO 22301 Business Continuity Management System certification
• Evaluate Compliance to data protection.

Business Service Group & Other Users of Critical Applications:

• Follow up on issues raise by the Unit that require BSG attention.
• Engage users on access requirement (access matrix).
• Provide support to end users on system access requirements.
• Engages in user education.

Board Audit Committee & It Steering Committee:

• Attend to the Board Audit Committee & IT steering committee enquiries on IT related issues.
• Prepare reports of significant findings to the Board Audit Committee.

Others, Regulatory Authority, Law Enforcement Agency, Other Banks, Vendors & External Auditor:

• Answer queries on user activities on the system.
• Attended to Regulatory, External Auditors & Law Enforcement inquires, discrete requests on system related issues, electronic fraud and other interbank activities. Represent the Group & the Bank in IS/IT Audit/Control/Security related meetings within and outside the Bank.

Competencies

• Minimum of First Degree in any discipline with relevant professional certifications or first degree in a numerate or IT related discipline.
• Relevant professional certifications such as Certified Information Systems Auditor (CISA), International Standard Organisation (ISO) certified, Certified Information Systems Security Professional (CISSP), Qualified Membership of Information Systems Audit & Control Association (ISACA), and Qualified Membership of a Professional Accounting Body, MBA or other IT Certifications and/or a second degree are added advantages.