Role Summary

The role is responsible for conducting individual IT audit assignments/ reviews in accordance with the approved audit plan and making practical/ feasible recommendations for mitigating risks/ improving controls and processes.

You will ensure adherence to internal auditing best practices, including but not limited to the Standards for the Professional Practice of Internal Auditing (SPPIA).

The incumbent will ensure adherence to internal auditing best practices, including but not limited to the Standards for the Professional Practice of Internal Auditing (SPPIA), CoBIT principles and the System Development Life Cycle (SDLC) methodology.

Role Description

Responsibilities to include:

Timely identification and reporting of instances/ risks noted in the individual assignments (pertaining to IT audit assignments/ reviews of systems and IT security and the other functions/ activities that will be assigned as mentioned above) to his superiors that entail probable financial loss or regulatory/ policy non-compliance and could result in monetary penalties/ reputation damage

Adequately cover the respective audit entities (comprising individual IT systems, activities pertaining to IT and IT security and other functions/ activities that will be assigned as mentioned above) on individual assignments conducted to provide assurance to the relevant auditee and executive management on the adequacy and effectiveness of the internal controls in place within the respective system/ function/ area, including the extent of compliance with the applicable manuals/ policies/ procedures and add value to improve the functioning of the various systems in use/ activities performed by IT and IT security, as and where applicable.

Identify and evaluate the risks involved on the individual audit assignments by using the risk assessment methodology/ parameters developed by Group Internal Audit (GIA).

As part of individual system implementation reviews, determine whether test plans and test scripts were in place and actually used, whether testing conducted on the concerned system was adequate and whether all significant issues were resolved/ requirements of the concerned business users met and their sign-offs obtained before moving the system from the test phase to production. Review compliance with the approved SDLC methodology in this regard.

Qualifications

The successful candidate will hold a Bachelor degree in IT or banking or other related subjects.

Professional qualifications such as CISA/ CISSP/ CIA/ CA/ ACCA etc.

Minimum of 5 years experience in IT audit of which 2 years in a senior role with a major bank with specific knowledge of IT audit and IT security issues.

Working knowledge of CoBIT principles, IT security and related best practices, SDLC methodology.

Understanding of Basel Committee best practices pertaining to the area of responsibility, especially with respect to Business Continuity Management (BCM), including Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)

Understanding of risk concepts, banking operations/ systems and pertinent regulatory requirements.

Working knowledge of MS Office Suite and Computer Assisted Audit Techniques (CAATs) viz.  Audit Command Language (ACL).