IT Auditor

RESPONSIBILITIES: Review of System Access Controls Review and ensure that access control strategy aligns with the corporate identity policy and the IT architecture of NSE;
Review and ensure that a unique identity is used to initiate a transaction and ensure that user is currently authorized to perform such action;
Violation monitoring: ensuring that access violations are identified. e.g. resigned staff accounts still active on NSE applications
Post-Implementation Reviews of IT Projects Reviews to identify risks introduced during the vendor selection, pre-implementation and golive due to system adaptation for NSE’s Users and processes;
Review and ensure that key controls were embedded through the application acquisition lifecycle and go-live of various applications and processes
Business Continuity Reviews Review to ensure continuous operations of business applications (X-stream, Sage etc.) in the event of fires, terrorist attacks, extended power failures, equipment and telecommunications failures;
Review appropriately identified risks focusing on NSE processes and known potential risks that affect continuity of IT operations and services;
Ensure that costs of implementing and managing continuity assurance are less than the expected losses and within management’s risk tolerance Reviews of Change Management Ensure 100% compliance to change management procedures to handle in a standardized manner all requests (including maintenance and patches) for changes to applications, procedures, processes, system and service parameters, and the underlying platforms;
Assess the control risk associated with change request of changes within IT infrastructure and Applications; Revenue Assurance Audit Review of the various income heads in the books of the NSE;
Ensure that income streams protected from income leakages due to wrong configuration or manual process for collection of incomes Continuous Auditing of IT Related activities Ensure that the following activities carried out by IT are reviewed
Reviews of IT implementation and ensure that the meet the needs of users
Ensure that the disaster recovery processes in the NSE, would available and sufficient enough to withstand major disruptions to our information systems
Continuous auditing of x-stream and ensure that data from the application are accurate Audit of IT Governance NSE’s IT senior management team is engaged in aligning IT strategic plans with current and future business needs
NSE’s IT performance monitoring and evaluation process reviews: definition of relevant performance indicators, systematic and timely reporting, and timely action upon discovery of deviations
Review and ensure that identification and allocation of IT costs are understood by the senior management to enable NSE make informed decisions regarding the use of IT services Other Reviews Server Operating Systems Review
Network Operating Systems Review
Software Development Life Cycles
Review of Technology Governance and Operations
Information Security Reviews.
Ensure Data Centre Best Practices
Ensure adherence to Disaster Recovery / Business Continuity principles,
Ensure Penetration Testing
Review IT Policies & Procedures Review and generate Gap analysis Report Ensure proper monitoring of IT Operations (Backup & Recovery, Job scheduling, Problem and Incident Management) Audit Reporting Maintaining work papers
Evaluate the sufficiency and appropriateness of audit evidence to support conclusions drawn. Prepare the audit report and presenting it to the head Internal Audit Department
Monitor compliance with reporting requirements.
Follow up and report on implementation of internal and external audit recommendations. Performing other duties as assigned to him/her by the Head Internal Audit DESIRED COMPETENCY AND SKILLS REQUIREMENTS: Thorough knowledge of Various Standards and Frameworks which include: ISACA framework • COBIT •COSO •SOX •ICFR •BASEL 1 & II Etc.
Extensive knowledge of internal control principles, audit practises and compliance in an IT related Field.
Must be able to build strong partnership with MOT and other staff, communicate with a wide variety of audience in a clear understandable language.
Experience in IT Audit
Proven track record of performance against deliverables
Experience in financial sector is highly desirable Change management experience.
Generic Skills:
Personal Integrity
Dynamic, service oriented and Committed to results
Problem solver and ready to develop and train others
Natural inquisitiveness, Highly motivated, energetic and enthusiastic
Ability to work under pressure with strict deadlines
Ability to recognise and respond to diverse thinking styles and learning styles
Strategically aware of the business environment, with a global mind-set
Firm in decision making and persuasive.
Job Specification: A Bachelor’s degree in accounting, Economics, Information technology or a similar field CISA (Certified Information Systems Audit), ICAN, ACCA added advantage.