Background information about the job or company

Citibank N.A. Kenya has been operating in Kenya since 1974 and has two branches in Nairobi and Mombasa, serving Corporate and Institutional clients. Citibank Kenya is the regional hub for the Citi East Africa cluster, which covers Kenya, Uganda, Tanzania and Zambia. It's the only solely corporate bank in Kenya. Businesses Citi Kenya is structured around ...

Responsibilities or duties

Understand and grasp the audit methodology, corporate standards, and internal control processes and use this knowledge to execute audit reviews.

Participate in technology audits by identifying key risks and controls, develop and execute control assessment plans, draft control issues and present them to the technology management, discussing practical solutions.

Execute audit assignments through effective collaboration with other audit teams within budgeted timelines and costs.

Monitor the risk and control environment of the Technology and Cybersecurity operations including emerging risks by interacting with management and providing feedback through the Business Monitoring process.

Assess impact of applicable regulations to the technology processes and adequacy of controls for compliance.

Develop and maintain effective line management relationships for a no-surprises approach.

Assess appropriateness and sustainability of pragmatic solutions for risk mitigation.

Deliver the audit work assigned to a high quality in accordance with the requirements of the Quality Assurance scorecard/ IA methodology

Actively contribute to the automated auditing initiative for efficient and continuous control monitoring

Contribute to various corporate strategic initiatives by active participation and proactive stakeholder engagement.

Improve technical knowledge through self-learning and training including mandatory Continuous Professional Development

Qualifications or requirements

University Degree (preferably IT related such as Computer Science, Information Technology)

Specific areas of experience should include cyber risks and controls within the ICT systems and related third-party connections, cybersecurity framework, understanding of threat and vulnerability assessment tests, and penetration tests.

Additionally, experience should include Desktop and Server technologies including virtualization and Cloud operations, Databases, Middleware, data and voice networks, Software Development and Production Support practices, Cybersecurity management, and the ITIL general controls processes including IT Governance and IT Program/Project Management.

Demonstrated analytical ability to understand IT control issues and related risks and controls, to identify root cause and recommending solutions.

Strong written and verbal communications skills in English with ability to clearly articulate issues and facilitate identification and implementation of solutions.

Working knowledge of the modern banking technology systems.

Good project management and interpersonal skills

Experience needed

At least 5 years of experience of auditing or managing IT infrastructure systems or applications in a medium to large scale environment, preferably in Banking and Finance field, with strong understanding of related IT risks, controls, and regulations.

Any other provided details

Preferred with relevant professional qualifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).

Preferred experience in designing or using Computer Assisted Audit Tools and Techniques (CAATTs)

• Understand and grasp the audit methodology, corporate standards, and internal control processes and use this knowledge to execute audit reviews.
• Participate in technology audits by identifying key risks and controls, develop and execute control assessment plans, draft control issues and present them to the technology management, discussing practical solutions.
• Execute audit assignments through effective collaboration with other audit teams within budgeted timelines and costs.
• Monitor the risk and control environment of the Technology and Cybersecurity operations including emerging risks by interacting with management and providing feedback through the Business Monitoring process.
• Assess impact of applicable regulations to the technology processes and adequacy of controls for compliance.
• Develop and maintain effective line management relationships for a no-surprises approach.
• Assess appropriateness and sustainability of pragmatic solutions for risk mitigation.
• Deliver the audit work assigned to a high quality in accordance with the requirements of the Quality Assurance scorecard/ IA methodology
• Actively contribute to the automated auditing initiative for efficient and continuous control monitoring
• Contribute to various corporate strategic initiatives by active participation and proactive stakeholder engagement.
• Improve technical knowledge through self-learning and training including mandatory Continuous Professional Development

• Cyber risks and controls within the ICT systems and related third-party connections
• Cybersecurity framework
• Threat and vulnerability assessment tests
• Penetration tests
• Desktop and Server technologies including virtualization and Cloud operations
• Databases
• Middleware
• Data and voice networks
• Software Development and Production Support practices
• Cybersecurity management
• ITIL general controls processes including IT Governance and IT Program/Project Management
• Analytical ability to understand IT control issues and related risks and controls, to identify root cause and recommending solutions
• Strong written and verbal communications skills in English
• Working knowledge of the modern banking technology systems
• Good project management and interpersonal skills

• University Degree (preferably IT related such as Computer Science, Information Technology)
• Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) (Preferred)
• Experience in designing or using Computer Assisted Audit Tools and Techniques (CAATTs) (Preferred)