Internal Auditor: Cyber & Information Security, Network and Infrastructure - Ecobank

Job Purpose:

• Carry out audits and reviews of the Cyber & Information Security, Network and Infrastructure hosted by the institution
• Carry out other duties that may be assigned (ARRs, follow-ups etc.)
• Independent assessment of the effectiveness of Information Systems risk management process and practices
• Information Systems Audit Objectives 
• Information Systems Risk reviews.
• Provide assurance to the Board and Management on key risks and their management

JOB PRINCIPAL ACCOUNTABILITIES  (Key tasks and indicate any additional activities arising from the job)

Information Systems Auditor:

• Carry out the periodic audit of information systems hosted by the institution and Group operations & Technology done in line with the approved Audit plan.
• Conduct audit and risk reviews of information systems including the following:
• UNIX AIX and Windows operating systems
• Portable devices such as laptops, notepads, smartphones, and blackberry phones
• Data backup/storage, security, availability, integrity, classification and retention
• Windows Office applications including email
• Windows domain controller
• Assess the risk and security exposures associated with all software applications and databases used for the facilitation of banking services to the bank’s customers across all affiliates.
• Assess risk associated with the strategic planning and management of the activities of the information technology platforms in Accra and Lagos.
• Assess risks associated with Information Security, IT Security, business continuity and disaster recovery planning
• Assess risks associated with data security, portable devices, windows office applications and domain controller
• Conduct audit and risk reviews of the following Network and Communication Systems but not limited to:
• The institution’s network and communication platforms
• Routers
• Firewalls
• IDS / IPS
• Switches
• Voice / Data / Video
• Conduct audit and risk reviews of Infrastructure including the following:
• Data Centers i.e. Accra, and Lagos
• Network and Internet Security
• Cloud computing
• Design / update I.S Audit programs and checklists for Networks, Communications and Infrastructure in line with international standards and new technology developments within the Group
• Plan and execute risk-based audit of Networks, Communications and Infrastructure
• Monitor and escalate key risk issues
• Carry out ad-hoc reviews
• Perform periodic IS Risk Assessments and maintain a technology risk map for institution and Group Operations & Technology 
• Review and evaluate new technology products/services and associated risks.
• Independent participation in the review and evaluation of projects related to various information systems. networks, communications and infrastructure
• Share audit findings and recommendations for corrective action to the head of audit for management.
• Issue draft report within 10 days after completion of all audit assignments.
• Conduct training for colleagues (auditors), in order to improve the knowledge in auditing and enforcing controls in the IT systems.
• Assist in the preparation of quarterly board papers.
• Special Assignments and reviews.
• Perform other tasks that may be assigned by the Head of Audit and Audit Manager, eProcess & EGH

JOB CONTEXT      

Audit Risk Reviews:

• Conduct audit risk review of critical platforms and  the institution’s operations and issue report on findings
• Test to see if controls are working as they should
• Assist to provide reasonable assurance to management that risk identified are being managed.

JOB DIMENSION      

Audit Risk Reviews:

• Provide trend analysis on key risks and recommend solutions
• Interact with all levels of staff, giving feedback on risk and control issues identified during audit reviews
• Provide advisory services to Functional Heads on risk and control weaknesses affecting their respective areas.
• Escalating risk and control issues and concerns to the head of audit for management attention.
• Assist in educating staff on risk the company is exposed to.

JOB SKILLS/EXPERIENCE          

Experience:

• At least six (6) years of hands on database and technology application management and related fields
• Developed a broad and deep knowledge of all operational systems and to perform periodic audits required to enhance operational efficiencies
• Ability to review Network performance by monitoring network devices(routers and switches etc.); evaluating and providing recommendations for resolving network issues; management of network tools; and providing advisory services.
• Ability to assess Network design and provide expert advice to network, operations, and technical support teams
• Ability to review IT Security Framework Design and Implementation.
• Ability to access Security Policy Design, Infrastructure Design and Analysis.
• Ability to perform Identity Management, Firewalls Security Reviews.
• Understanding and use of CAATs for analytics (e.g. ACL).
• Understanding of Risk Assessment Tools and Methodology.
• Proficiency in the use of Structured Query Language (SQL).
• Some programming and/or advanced database skills required.
• Knowledge of audit procedures and institution’s procedures and information technology standards.
• Knowledge of global banking systems, and systems of controls within the banking environment.
• The incumbent must be detail oriented with an eye for precision
• Ability to assess network performance by developing a protocol for measurement of results and identification of problem areas.
• Excellent written and verbal communication skills with good presentation skills
• Strong planning and execution skills; ability to set priorities and work under pressure
• Ability to interact and present ideas effectively to all levels of staff
• High level of logical and analytical thinking
• Risk-based audit techniques

Education:

• University degree in Computer Engineering and Information Technology or related fields
• Equivalent professional qualification in Information Systems Security and/or Audit
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional(CISSP)
• Cisco Certify Network Associate (CCNA)
• Cisco Certified Network Professional (CCNP) +
• CompTIA Network++

Personal Attributes:

• Organization
• Discretion
• Vigilance
• Integrity
• Rigour
• Courtesy
• Good communication skills 
• Availability
• Ability to work without supervision.