Department:Internal Audit
Division:Information Systems
Section / Unit:Information Security
Location / Work station:Times Towers, Haile Selassie Avenue, Nairobi or Other Regional Office
Reporting Relationships
Reports to:Chief Manager- Information Systems
Direct reports:Assistant Managers - Information Security
Indirect Reports:Supervisors
Job Purpose
The job holder is responsible for the review of the Authority’s Information System security, Infrastructure security, policies and procedures related to security to ensure technology in place and system controls are adequate to meet business objectives and customer needs.
Key Responsibilities / Duties / Tasks
Managerial / Supervisory Responsibilities
Development and execution of a comprehensive audit plan based upon risk assessment, management’s goals and objectives, and the requirements of the Board Audit Committee.
Provide professional audit services as the Manager in conducting reviews of assigned organizational activities in accordance with Standards for the Professional Practice of Internal Audit, and department standards.
Perform Corporate Information System (IS) audits designed to provide assessment of internal control processes and operational performance, in accordance with department and professional standards.
Reviews of internal controls and security of existing systems, under development, new information systems and system changes on existing systems as well as major IT projects and initiatives
Prepares under minimal supervision audit reports designed to provide assurance to management and the Audit Committee of the Board of Directors with an objective assessment of systems, processes and operations, and management’s planned corrective actions.
Perform or assist in the performance of special projects or studies, including risk assessments, fraud investigations, audit department policy updates etc.
Identify skills gaps including completing performance appraisals, personal development, succession plans, mentor and coach staff and on time in accordance with the established performance management system
Provide advisory/consultancy support across the Authority
Carry out ad hoc special assignments and investigations
Operational Responsibilities / Tasks
Manages staff within the Information Systems unit with regards to task allocation and supervision
Provide work instructions and assist employees with difficult and/or unusual assignments, encourage innovation, achievement of goals and foster team work through resolution of problems and mediates conflicts during operations
Review scope of audits, allocation of resources, deadlines and terms of reference for each review for respective units within the Information Systems division
Review audit working papers and draft audit reports
Prepare unit annual budgets and monitor their implementation.
Ensure completeness of audit workings in Audit management system (Teammate) for accuracy, completeness and quality
Assist in development of the Departmental risk register.
Provide advisory/consultancy support across the Authority.
Act as a primary client liaison with Kenya National Audit Office (OAG) on unit audit queries.
Job Dimensions:
Financial Responsibility:
Development of Unit’s Budget.
Unit’s expenditure recommendation.
Responsibility for Physical Assets
Responsible for physical assets assigned by the institution.
Provides oversight for the physical assets assigned to the Information SecurityUnit.
Decision Making:
Makes decisions using standard operating procedures.
Plan the work of subordinates.
Assign work to subordinates.
Monitor subordinates work performance.
Appraise/evaluate subordinates performance.
Working Conditions:
Works predominantly within the office.
Job Competencies (Knowledge, Experience and Attributes / Skills).
Academic Qualifications
Bachelor’s Degree in Information Technology, Computer Science, Business Information Technology, Mathematics and Computers, Finance, Accounting, Business
Professional Qualifications / Membership to professional bodies
Certification as a Certified Information Systems Auditor (CISA)
Certified Internal Auditor (CIA)
Certifications specific to the information technology industry such as a Certified Network Engineer, Certified Security Professional, or other relevant certifications will be an added advantage,
Membership of ISACA or IIA
Previous relevant work experience required.
A minimum of five (5) years operational IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, software development, project management, or a related field of which two (2) years should be at the First level management.
Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology.
Demonstrate and apply a thorough understanding of complex information systems
Knowledge of Control Objectives for Information and Related Technology, Accepted Auditing Standards, Standards for the Professional Practice of Internal Auditing.
Need to know:
Attributes:
Strategic leadership
Data analytical skills
Critical thinking
Technology savvy
High level of integrity.
Ability to understand business processes and good awareness of functional relationships of Departments within the Authority.
Ability to apply audit standards through practical application.
Understanding and ability to apply risk and control concepts.
Management and supervisory skills.
Planning and organizational skills.
Problem solving and analytical skills.
Oral and written communication skills.
Excellent relationship management skills.
