Technology Senior Auditor

The Technology Senior Auditor participates in the timely delivery of high quality, value-added assurance and audit reports for a portfolio of business activities. The suitable candidate should possess relevant knowledge and skills required for auditing one or more areas covering Applications, Infrastructure, Information / Cyber Security, Continuity of Business, and Third Parties including IT Governance and the ITIL-based IT General Controls processes. Exposure to the Kenya Banking Sector regulatory requirements relating to these areas, a good understanding of risk and controls and performing risk assessments of these functions is also essential.

Key Responsibilities

• Understand and grasp the audit methodology, corporate standards, and internal control processes and use this knowledge to execute audit reviews.
• Participate in technology audits by identifying key risks and controls, develop and execute control assessment plans, draft control issues and present them to the technology management, discussing practical solutions.
• Execute audit assignments through effective collaboration with other audit teams within budgeted timelines and costs.
• Monitor the risk and control environment of the Technology and Cybersecurity operations including emerging risks by interacting with management and providing feedback through the Business Monitoring process.
• Assess impact of applicable regulations to the technology processes and adequacy of controls for compliance.
• Develop and maintain effective line management relationships for a no-surprises approach.
• Assess appropriateness and sustainability of pragmatic solutions for risk mitigation.
• Deliver the audit work assigned to a high quality in accordance with the requirements of the Quality Assurance scorecard/ IA methodology.
• Actively contribute to the automated auditing initiative for efficient and continuous control monitoring.
• Contribute to various corporate strategic initiatives by active participation and proactive stakeholder engagement.
• Improve technical knowledge through self-learning and training including mandatory Continuous Professional Development.

Qualifications and Experience

• University Degree (preferably IT related such as Computer Science, Information Technology).
• At least 5 years of experience of auditing or managing IT infrastructure systems or applications in a medium to large scale environment, preferably in Banking and Finance field, with strong understanding of related IT risks, controls, and regulations.
• Specific areas of experience should include cyber risks and controls within the ICT systems and related third-party connections, cybersecurity framework, understanding of threat and vulnerability assessment tests, and penetration tests.
• Experience should include Desktop and Server technologies including virtualization and Cloud operations, Databases, Middleware, data and voice networks, Software Development and Production Support practices, Cybersecurity management, and the ITIL general controls processes including IT Governance and IT Program/Project Management.
• Demonstrated analytical ability to understand IT control issues and related risks and controls, to identify root cause and recommending solutions.
• Strong written and verbal communications skills in English with ability to clearly articulate issues and facilitate identification and implementation of solutions.
• Preferred with relevant professional qualifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
• Preferred experience in designing or using Computer Assisted Audit Tools and Techniques (CAATTs).
• Working knowledge of the modern banking technology systems.
• Good project management and interpersonal skills.