Senior Audit Manager – IT

REPORTING TO: Head of Internal Audit

JOB PURPOSE: Reporting to the Head of Internal Audit, the role holder will be responsible for leading IT audits that provide reliable, valuable and independent assurance to the board and management on the effectiveness of governance, risk and control over current and evolving risks within Information Technology.

To provide an independent view of risk management and internal controls practices that impact the adoption and utilization of IT within the Bank and technical advisory to management on the assessment of IT risks and controls related to complex business applications and innovative technological solutions.

LOCATION: Kampala

KEY ACCOUNTABILITIES:

  • Audit Planning: Is responsible for developing the annual IT audit plan based on the organization’s risk assessment. He/She collaborates with stakeholders to identify key areas to be audited and prioritize audit activities.
  • Risk Assessment: Assess IT risks and controls, identify potential vulnerabilities, and evaluate the effectiveness of existing controls. He/She should stay updated with emerging technology trends and assess their impact on the bank’s IT environment.
  • Audit Execution: Leads audit engagements and manages the audit team. He/She conducts detailed assessments of IT systems, infrastructure, and processes, ensuring compliance with industry standards, regulations, and internal policies. Further to review work papers of the engagement team and analyze evidence, perform data analysis, and identify control weaknesses or gaps.
  • Control and Process Improvement: Based on audit findings, recommend and follow up implementation of controls and process improvements to enhance the efficiency and effectiveness of IT operations. They will collaborate with IT and business stakeholders to address identified deficiencies and develop remediation plans.
  • Compliance and Regulatory Requirements: He/She will review the bank’s IT systems and processes and advise on compliance with applicable laws, regulations, and industry standards, such as data privacy regulations (e.g., Data Privacy and Protection Act, GDPR) and cybersecurity frameworks (e.g., NIST, ISO 27001).
  • Technology Risk Management: He/She monitors and evaluates technology-related risks, including cybersecurity risks, information security, data integrity, and disaster recovery. They recommend and follow up implementation of risk mitigation strategies and work closely with Business Technology to enhance security controls and incident response procedures.
  • Stakeholder Management: He/She shall maintain effective relationships with key stakeholders, including Executive Management, BT team, external auditors, and regulatory bodies. They will communicate audit findings, recommendations, and risk assessment results to management and guide IT control best practices.
  • Team Management and Development: Senior Audit Manager-IT oversees and mentors the audit team, providing guidance, feedback, and training to enhance their skills and knowledge. He/She will conduct performance evaluations, resource planning, and manage work allocation to ensure timely completion of audits.
  • Continuous Monitoring and Audit Automation: He/She shall leverage technology and data analytics tools to automate audit processes, perform continuous auditing and monitoring of IT controls, and identify anomalies or potential risks. They will stay updated with emerging audit tools and methodologies to improve audit efficiency.
  • Audit Reporting and Documentation: He/She shall present audit reports to Executive Management and the Board Audit Committee, highlighting key findings, recommendations, and remediation plans. They will maintain comprehensive audit documentation, including work papers, testing results, and evidence, ensuring compliance with auditing standards.
  • Annual Audit Plan development. Participate in the development of the annual Internal Audit Plan concerning IT audits.
  • Combined/ Integrated Assurance. Actively participate in the Combined Assurance Model activities such as joint audits, reporting etc.
  • Follow up with key business owners of audited systems or Projects to ensure that any outstanding audit recommendations are implemented.
  • Engage with Project Managers and Executive Sponsors of strategic business projects to identify areas of advisory and assurance review services.
  • Carry out advisory reviews for major IT-related systems, projects and innovations in order to minimize risk and enable the achievement of the Bank’s strategic goals.
  • Perform special projects as assigned by the Head of Internal Audit or Audit Committee such as information security reviews and IT fraud investigations.
  • Develop strategies and innovative ways to improve the department’s ability to identify enterprise risks within IT and develop audit procedures that help ensure these risks are appropriately managed.
  • Oversee follow-up on implementation of actions addressing issues from IT audits.
  • Represent the Head of Internal Audit in meetings when required.

KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:

  • Bachelor’s Degree in Computer Science/Information Technology/Management Information Systems, Finance, Accounting or related discipline.
  • Technical professional certification required (CISA, CPA, CISSP, CISM, CRISC, CGEIT, ITIL).
  • At least 5 years experience in a senior IT Audit or IT Risk management.
  • Ability to develop and manage relationships with different management levels within the bank.
  • Experience analysing data and coding with specialized tools (MS SQL Server, IDEA, ACL, PowerBi).
  • Good knowledge of cyber security audit tools such as Nessus, Nmap, Nikto, Wireshark etc.
  • Full understanding of IT risks in cloud security, cyber security threats, data privacy and compliance, IT Governance, emerging technologies, system disruptions, digital transformation and vendor management.
  • Working knowledge in the areas of financial applications, Windows operating systems, application development lifecycle, data centre operations, network security audits, internet and related technologies, general network technologies, ERP Systems, databases,
  • Familiarity with IT audit tools.
  • Excellent oral and written communication skills.
  • Strategic thinker with good analytical and problem-solving skills.

INVITATION

If you believe you meet the requirements as noted above, please forward your application with a detailed CV including your present position and copies of relevant professional/academic certificates, to the email address indicated below:

[email protected]

Deadline: Wednesday 20th November 2024. Only short-listed candidates will be contacted.

Please note that all recruitment terms and conditions as stated in the HR Policies and Procedures Manual shall apply.

Subscribe to our socials and stay tuned to the latest jobs