Information Security Auditor

Role & responsibilities

The role holder is responsible for conducting audit of information systems (IS) in accordance with professional audit standards and international best practices in order to ensure statutory compliance of all systems, processes and practices. The role holder is also responsible for preparing accurate audit finding, reports in compliance with regulatory provisions.

Core Responsibilities

• Conduct the IS audits (ITGC controls, VA, PT, APPSEC, NSAR, CA, BCP, DR, Cloud Security, Cyber Security, Security Operations and Surveillance, Information security and privacy controls, IT Processes Data Centre Operations, identity and Access Management, Change Management, Incident Management etc.) across all technology segments
• Assist in implementing risk-based audit plans to ensure safety and soundness of the Bank.
• Ensure completion of assigned audits and documentation of work papers on time.
• Provide improvement/ suggestions to existing process / systems to line management
• Assist in keeping Audit Procedure Manual and checklists current and updated.

People Management or Self-Management Responsibilities

• Defines performance goals at the start of the year in discussion with the reporting manager and ensures that the goals are monitored and achieved during the course of the year.
• Takes ownership of his/her own learning agenda by identifying development needs in consultation with the reporting manager and working towards bridging the gaps through various means which go beyond just training.
• Understands the competencies relevant to his/her role, and works towards displaying as well as developing these effectively.
• Keeps abreast of relevant professional/industry, regulatory developments, new techniques and current issues through continued education and professional networks.

Risk and Internal Control Responsibilities

• Follows risk policy and processes to mitigate the operational, regulatory, financial, informational, reputational and audit risks as instructed by the departmental manager.
• Executes the established internal control systems and compiles relevant information for departmental audits, as necessary.
• Possess strong presentation skills and good working knowledge of applicable regulatory compliances

TECHNICAL COMPETENCIES

Technical Competencies

• ITGC Controls
• Risk assessments
• VA, PT, APPSEC, NSAR, CA
• Information Security standards ISO 27001
• BCP and DR
• Cloud Security
• Cyber Security
• Security Operations and Surveillance
• Information security and privacy controls
• Banking Technologies

Certifications

• CISA OR ISO 27001 LA - Mandatory and / or CISSP, CRISC