Job Purpose:

The role holder is responsible for providing independent assurance on the governance, risk management, and control (GRC) processes related to information technology, including general and application controls, data integrity, confidentiality, availability, and system security.

Key Responsibilities:

• Participate and contribute to assessment of risk for target audit areas within the IS space as guided by the Manager, IS Audit.
• Formulate engagement audit plans, prepare planning documents and ensure alignment of objectives, scope, methodology, and IT risk considerations in collaboration with the Manager, Information Systems Audit.
• Develop engagement audit tests.
• Execute audit procedures in alignment with IS audit objectives to ensure effectiveness and efficiency in assessing the design and operating effectiveness of controls.
• Document complete and accurate audit evidence and working papers to support audit conclusions and recommendations.
• Identify and document control weaknesses and associated risks for inclusion in audit reports, ensuring appropriate escalation to relevant stakeholders.
• Lead assigned IS audit engagements, ensuring timely execution of audit procedures, monitoring progress against the approved plan, and identifying opportunities to enhance processes and strengthen controls.
• Continuously evaluate audit objectives, test procedures, and risk coverage to ensure comprehensive coverage of the technology environment.
• Engage with audit clients to validate root causes and ensure proposed management actions are appropriate and actionable.
• Support special audits involving Information systems as assigned.
• Review the governance, risk management, and control environment across IT development projects, DevOps practices, and software engineering workflows, including SDLC processes, CI/CD pipelines, environment management, and agile delivery models.

Academic Qualifications:

Bachelor’s in information systems / computer science / IT / Business-related field, or equivalent.

Professional Qualifications:

• Certified Information Systems Auditor (CISA) – required.
• One (1) of: CISM/ CRISC/ CGEIT /CIA /ISO/IEC 27001 Lead Auditor or Implementer/ CISSP/ CIAQA / CCNA/ CPA /CEH / CHFI (added advantage).

Membership Affiliations:

Information Systems Audit and Control Association (ISACA).

Work Experience Required:

Over five (5) years in a similar role in a similar-sized organization.

Competencies:

• Planning & Organizational skills.
• Advanced analytical skills and attention to detail.
• Strong oral and written communication skills.
• Effective interpersonal skills to manage stakeholders at all levels.
• High standards of ethics and integrity.
• Sound judgment for risk-based audit planning, scoping, and prioritization.
• Strong commercial awareness to align audit outcomes with business objectives.
• Banking Knowledge.
• Comprehensive risk knowledge across IT and operational domains.
• Experience in reviewing DevOps and IT engineering processes, including CI/CD pipelines and agile practices.

• Participate and contribute to assessment of risk for target audit areas within the IS space as guided by the Manager, IS Audit.
• Formulate engagement audit plans, prepare planning documents and ensure alignment of objectives, scope, methodology, and IT risk considerations in collaboration with the Manager, Information Systems Audit.
• Develop engagement audit tests.
• Execute audit procedures in alignment with IS audit objectives to ensure effectiveness and efficiency in assessing the design and operating effectiveness of controls.
• Document complete and accurate audit evidence and working papers to support audit conclusions and recommendations.
• Identify and document control weaknesses and associated risks for inclusion in audit reports, ensuring appropriate escalation to relevant stakeholders.
• Lead assigned IS audit engagements, ensuring timely execution of audit procedures, monitoring progress against the approved plan, and identifying opportunities to enhance processes and strengthen controls.
• Continuously evaluate audit objectives, test procedures, and risk coverage to ensure comprehensive coverage of the technology environment.
• Engage with audit clients to validate root causes and ensure proposed management actions are appropriate and actionable.
• Support special audits involving Information systems as assigned.
• Review the governance, risk management, and control environment across IT development projects, DevOps practices, and software engineering workflows, including SDLC processes, CI/CD pipelines, environment management, and agile delivery models.

• Planning & Organizational skills.
• Advanced analytical skills and attention to detail.
• Strong oral and written communication skills.
• Effective interpersonal skills to manage stakeholders at all levels.
• High standards of ethics and integrity.
• Sound judgment for risk-based audit planning, scoping, and prioritization.
• Strong commercial awareness to align audit outcomes with business objectives.
• Banking Knowledge.
• Comprehensive risk knowledge across IT and operational domains.
• Experience in reviewing DevOps and IT engineering processes, including CI/CD pipelines and agile practices.

• Bachelor’s in information systems / computer science / IT / Business-related field, or equivalent.
• Certified Information Systems Auditor (CISA) – required.
• One (1) of: CISM/ CRISC/ CGEIT /CIA /ISO/IEC 27001 Lead Auditor or Implementer/ CISSP/ CIAQA / CCNA/ CPA /CEH / CHFI (added advantage).
• Information Systems Audit and Control Association (ISACA) membership.