Department: Internal Audit,
Division: Information Systems Audit,
Section / Unit: Information Security Audit,
Location / Work station: Times Towers, Haile Selassie Avenue, Nairobi or Other Regional Office,
Reporting Relationships
Job Purpose
- The job holder is responsible for carrying out review of the Authority’s Information System security to ensure technology in place and system controls are adequate.
Key Responsibilities / Duties / Task
Managerial / Supervisory Responsibilities
- N/A
Operational Responsibilities / Tasks
- Execute corporate Information System (IS) and related security audits designed to provide assessment of internal control processes and operational performance, in accordance with the Standards for the Professional Practice of Internal Audit as set forth by the IIA, and department standards.
- Assist in preparing detailed plans for performing individual audits including the identification of key risks and controls, determination of audit objectives, development of an appropriate audit program and make necessary recommends for staff and budget to complete the project
- Prepare audit work papers documenting the result of reviews of assigned activities and recommended management action.
- Prepare under minimal supervision draft audit findings on assessment of systems, processes and operations, and management’s planned corrective actions.
- Reviews of internal controls and security of existing systems, under development, new information systems and system changes on existing systems as well as major IT projects and initiatives.
- Carrying out ad hoc special assignments and investigations
Responsibility for Physical Assets
- Responsible for physical assets assigned by the institution.
Decision Making:
- Makes decisions using standard operational procedures.
Working Conditions:
- Works predominantly within the office.
Job Competencies (Knowledge, Experience and Attributes / Skills).
Academic Qualifications
- Bachelors degree in Finance, Accounting, Business, Mathematics, Information Technology
Professional Qualifications / Membership to professional bodies
- Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)
- Membership of ISACA
Previous relevant work experience required.
- A minimum of three (3) years operational IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, software development, project management, or a related field
- Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology.
- Knowledge of Control Objectives for Information and Related Technology, Accepted Auditing Standards, Standards for the Professional Practice of Internal Auditing.
Financial Responsibility:
Need to know:
- Analytical skills
- Organizational skills
- Computer proficient
Attributes:
- High level of integrity
- Ability to understand business processes and good awareness of functional relationships of Departments within the Authority.
- Ability to apply audit standards through practical application
- Understanding and ability to apply risk and control concepts.
- Analytical skills.
- Oral and written communication skills.
- Excellent relationship management skills.
Note:
- All applications from interested and qualified candidates must be submitted online via the process below.
- ONLY shortlisted candidates will be contacted.
- All applications should be submitted online by 21st September 2020.
- KRA is an equal opportunity employer committed to gender and disability mainstreaming. Persons with Disability are encouraged to apply.
- KRA does not charge for application, processing, interviewing or any other fee in connection with our recruitment process.
