Senior IT Auditor 46 views

About the Organization:

VisionFund Micro Finance Institution (S.C) is an Institution established according to proclamation No. 40/96 to provide financial services to the productive poor in the rural and urban areas of Ethiopia. VisionFund is currently operating in five of the Regional States of the country. VisionFund MFI is currently looking candidates for the position of Senior IT Auditor position based at the Head Office. The successful candidates will have skills and experience that meet the following requirements:

JOB SUMMARY

The primary objective of the job is to perform advanced level and/or professional IT auditing work to analyze and assess the company’s Systems and technological Infrastructure to ensure processes and systems run accurately and effectively, while remaining secure and in compliance with policies and regulations. The Senior IT Auditor participate in developing the strategic and annual IT audit plan and maintains organizational and professional ethical standards set on the internal audit charter and code of conduct.

SPECIFIC DUTIES AND RESPONSIBILITIES: –

•  Document everyday tasks as stated in the Audit plan
• Present Audit status report daily/weekly/monthly
• Examine internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies
• Plan, implement, monitor, and upgrade security measures for the protection of organization’s data, systems and networks
•  Performs information control reviews to include Database system, Network and infrastructures, Core banking application, Operating system, Data center & Disaster Recovery, backup, system security, and other applications
• Directs and/or performs reviews of internal control procedures and security for systems under development and/or enhancements to current systems.
• Perform regular audit testing including but not limited to ethical hacking, observation, assessments, etc.
• Perform audits, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting audited processes and operating procedures.
• Conduct interviews, surveys, reviews documents and prepares working papers.
•  Compiles and prepares reports of audit findings.
• Performing penetration testing or vulnerability assessment of web application, network, wireless, firewall, E-payment infrastructure and application on multi-protocol enterprise systems
•  Conduct rectification follow-up.
• Continuously review and monitor information security implementation at the agreed frequencies
• Share expertise and experience with the audit team.
•  Recommend and negotiate appropriate technical solutions to manage identified risks
• Participate in projects related to the implementation of new technologies and applications.
• Identifies, develops, and documents audit issues and recommendation for improvement using independent judgments concerning appropriate technical solution on the area being reviewed.
• Prepares draft report of findings, final audit report and risk assessment
• Audit and Evaluate new automated information technology related devices
• Assist in communicating the results of audit and consulting projects via written reports and oral presentation on a timely basis to the auditor’s management.
•  Conduct assessment in information systems and corporate activities in order to set audit scope and audit objectives for specific engagements
• Perform fieldwork in accordance with the approved IT Audit program.
• Performs audit in professional manner and in accordance with the approved audit program.
• Follows up on IT Audit findings to ensure that management has taken corrective action(s).
• Perform related works as assigned by audit management.
• Completing all other duties, jobs, responsibilities and roles of an information technology auditor in the MFI, which fall under his/her administrative and supervisory domain and that are assigned to him/her.

•  B.Sc. in Computer Science, Information Science, Management Information Systems, Electrical and Computer Engineering or Information Technology related fields.
•  A minimum of 5 years of work experience, out of which 2 years as IT and System Auditor.
•  Extensive knowledge and skill in applying internal auditing and ICT principles and practices, and management principles & preferred business practices
•  Knowledge of information systems audit or investigation;
• Considerable knowledge of internal audit standards, IT Audit practices and code of Ethics
•  Knowledge on international best practices in IS security and  IS Auditing;
• Knowledge of contemporary risk management and control techniques and working knowledge of contemporary control frameworks
• Ability to promote the ICT audit activity within the institution
• Keeping up-to-date with professional changes in opinions, standards and regulations
• Experience of IT auditing    techniques, disaster recovery planning and testing, IT risk analysis, business resumption and contingency planning
•  Strategic thinking & execution
• A strong drive for results