Purpose of the Role:
The Audit Manager, IT effectively and efficiently performs audit evaluation and testing work on assigned functional and regional Information Technology, project and other audits with the objective of supporting an independent assessment of the level of control over risk. The incumbent manages assigned audits as directed by the Audit Director, ensuring satisfactory coverage and optimum use of resources within agreed budget and timescales and plans assignments on policies and procedures. When managing the audit the manager takes ownership of the audit lifecycle (planning, execution and reporting) while adhering to the internal audit standards and the Bank’s audit methodology. The incumbent identifies and prioritises risk and control issues, makes recommendations for improvement of controls and discusses and agrees issues identified with unit management. The Manager also support the ‘Auditor in Charge’/ Senior Audit Manager in planning, leading and reporting the assignment, and acts as second in charge where required. The Manager ensures that all audit work is produced accurately, is robust and complete, and is able to work under tight time constraints.
Key Accountabilities:
- Performs evaluations of technology and business control processes for areas including cloud computing, information security and cybersecurity.
- Manages the planning, execution and reporting of information technology and other assigned audits according to the audit methodology and in compliance with IIA standards.
- Performs audit field testing of information systems and related processes in a multi-platform environment (Unix, Windows, AS/400, Oracle, SQL Server); delivering timely high quality audit working papers.
- Identifies, documents and agrees audit issues identified with unit and / or local management utilizing input from audit manager.
- Escalates issues to the Senior Audit Manager or Portfolio Director as appropriate
- Supports the planning and reporting phase of wider audits as required by Portfolio Director.
- Clears review notes from Auditor in Charge and Portfolio Director.
- Assess IT and other controls against known frameworks including COBIT, NIST,PCI-DSS, etc.
- Maintains knowledge of ISACA, IIA and other relevant standards.
- Validates the closure of deficiencies ensuring risk mitigation and sustainability of controls.
- Supports the Senior Audit Manager and Portfolio Director as appropriate.
Critical Knowledge & Skills Required:
- Knowledge of IT management, IT operations and information security primarily as it relates to the financial services industry.
- Strong technical knowledge / skills covering a broad range of IT systems (i.e. firewalls, routers, switches, web servers, servers, databases, operating systems, applications).knowledge of ISACA, IIA and other relevant standards.
- Effective teamwork skills.
- Good knowledge / understanding of internal auditing techniques.
- Knowledge of industry frameworks / standards utilized for IT internal controls (COBIT, NIST CSF, ISO, PCI-DSS etc.
- Good interviewing and investigation skills.
- Good negotiating and influencing skills.
- Good analytical skills and judgment - to present complex issues logically and understandably using lateral thinking to address wider concerns.
- Good leadership, coaching and motivational skills.
- Good facilitation, presentation and communication skills – oral and written.
- Ability to absorb high workloads and multi task many activities whilst delivering stakeholder requirements.
- Strong skills / recognition of risk and control considerations in specialist technical areas.
Experience Required:
- At least 2-3 year experience in IT security or IT auditing.
- Bachelor's degree in management information systems or computer science, CISA or other related information system security professional certification (e.g. CISSP, CISM, GIAC), internal auditing / accounting professional certification a plus (CIA, CFSA, ACCA, CGA, etc.).
- Experience with IT general controls (logical access management, system development life cycle management, change management, batch processing management, and storage management), digital auditing (digital channels, digital design, digital technologies, etc.), cybersecurity, cloud computing and disaster recovery / business continuation management.
- Project management experience.
- Some experience of risk management and internal controls.
- Ability to assimilate and interpret data from a number of sources (sometimes conflicting) and drawing appropriate conclusions.
- Good experience of communication with peers and senior management, in written, oral and listening. Ability to communicate issues that are sometimes complex or contentious.
- Experience of working without close supervision and to tight deadlines and time constraints.
Position reports to: Director, Audit Portfolio
Expiry date: 05 May 2021