Position Description
• Responsible for assessing controls around IT infrastructures, including network devices, applications and databases as well as all IT project development.
• During the process, completes work timely and in accordance with Control Methodology and other applicable standards, and defined plans, budgets, and schedules.
Key responsibilities
• Perform IT security reviews involving people, processes, and technologies. Auditing operating systems, firewalls, intrusion detection systems, databases, web servers, messaging servers, network components and industry specific technologies in line with best practices.
• Assess network architecture so that he or she can identify configuration and topology issues through analysis of the design and configuration of the network.
• Evaluate security risk of all kinds of applications; stand-alone, network based and web based . This will cover high-level design audit, black-box testing, source code reviews, development and delivery audit as well as operating environment audit.
• Perform process risk analyses, prepare process maps and flowcharts, and prepare effective and efficient compliance and substantive test plans; prepare and perform testing of controls.
• Perform assessment of IT application controls, IT general controls environment and automated controls embedded within IT environment.
• Evaluate test results: accurately identify symptoms, root cause, problems, identify alternative controls and develop recommendations.
• Prepare work papers, draft grammatically correct interim letters and other reporting documents; assist in preparation of the draft exception report.
• Evaluate the completeness of the responsible management’s corrective action plans.
• Perform related work as assigned by lead Manager(s) and/or Manager. .
Key performance measures
• Control Adequacy rating from Internal Audit.
• Promptness and effectiveness of processes and system reviews.
• Quantum of undetected regulatory/statutory infractions from External Auditor and Regulators’ reports.
• Early identification of vulnerabilities within the IT systems that are susceptible to fraud.
• Zero tolerance for fraud due to internal breach or weaknesses in the systems or technologies supporting business..
• Timely escalation of potential threat to IT systems and data.
• Effectiveness at follow up to ensure that Internal Audit recommendations are implemented.
go to method of application »
Interested and suitably qualified candidates should click here to apply online.
Apply via :
