Information Security Auditor at Wema Bank Plc

Job Summary

The Information System Auditor is responsible for conducting audits and assessments of the organization’s information systems to ensure that they are secure, reliable, and compliant with internal policies and external regulations. The IS Auditor will work closely with other departments to identify vulnerabilities, recommend improvements, and ensure the effective implementation of controls.

Key Responsibilities:

Audit Planning and Execution:

• Develop and execute audit plans for evaluating the effectiveness of information system controls.
• Conduct risk assessments to identify areas of potential vulnerability and non-compliance.
• Perform detailed audit procedures including interviews and system reviews.

Risk Management:

• Assess and evaluate the organization's IT infrastructure to identify potential security risks.
• Provide recommendations for mitigating risks and improving overall security posture.
• Monitor and report on the status of risk management initiatives and control effectiveness.

Compliance and Regulatory Audits:

• Ensure compliance with relevant laws, regulations, and standards (e.g., SOX, GDPR, HIPAA, ISO/IEC 27001).
• Prepare and present audit reports to management, highlighting findings and suggesting corrective actions.
• Collaborate with regulatory bodies and external auditors as required.

Security and Control Assessment:

• Evaluate the adequacy and effectiveness of security measures in protecting information assets.
• Assess access controls, encryption mechanisms, and other security protocols.
• Test system configurations and software applications for compliance with security policies.

Continuous Improvement:

• Collaborate with stake holders on current trends, emerging technologies, and best practices in information security and auditing.
•  Recommend and implement improvements to the audit process and control environment.
• Ensure participation in professional development opportunities and certifications that will add value to the organisation and aid the growth and advancement of best practices.
• Work with Audit Client/IT and Digital compliance team to ensure closure of Audit exception.

Stakeholder Communication:

• Communicate audit findings and recommendations to stakeholders, including Senior Management and Board.
• Develop and maintain effective relationships with business units and external auditors.

Qualifications:

Education/Certifications:

• Bachelor’s degree in information technology, Computer Science, Information Systems, or a related field. Advanced degrees or certifications (e.g., CISA, CISSP, CPA) are highly desirable.

Experience:

• Minimum of 3-5 years of experience in IT auditing, information security, or a related field.
• Experience with audit tools and methodologies, risk assessment, and control evaluation.

Skills and Competencies:

Technical Proficiency:

• Strong understanding of IT systems, networking, databases, and cybersecurity principles.
• Familiarity with auditing tools and techniques such as ACL, IDEA, and other data analysis software.

Analytical Skills:

• Ability to analyze complex data and systems to identify potential risks and issues.
• Strong problem-solving skills and attention to detail.

Communication Skills:

• Excellent written and verbal communication skills.
• Ability to present technical information in a clear and concise manner to non-technical stakeholders.

Organizational Skills:

• Strong project management skills and the ability to manage multiple audits simultaneously.
• Excellent time management and organizational skills.

Ethical Standards:

• High level of integrity and professionalism.
• Commitment to maintaining confidentiality and ethical standards in all activities.