Internal Auditor: Cyber & Information Security, Network and Infrastructure at Ecobank

About The Job

Report to:

Head, Internal Audit (Ecobank Ghana)
Manager, Internal Audit (eProcess , EGH & AWA)

Job Purpose:

Carry out audits and reviews of the Cyber & Information Security, Network and Infrastructure hosted by the institution
Carry out other duties that may be assigned (ARRs, follow-ups etc.)
Independent assessment of the effectiveness of Information Systems risk management process and practices
Information Systems Audit Objectives
Information Systems Risk reviews.
Provide assurance to the Board and Management on key risks and their management

JOB PRINCIPAL ACCOUNTABILITIES (Key tasks and indicate any additional activities arising from the job)
Information Systems Auditor:

Carry out the periodic audit of information systems hosted by the institution and Group operations & Technology done in line with the approved Audit plan.
Conduct audit and risk reviews of information systems including the following:
UNIX AIX and Windows operating systems
Portable devices such as laptops, notepads, smart phones, blackberry phones
Data backup / storage, security, availability, integrity, classification and retention
Windows Office applications including email
Windows domain controller
Assess the risk and security exposures associated with all software applications and databases used for the facilitation of banking services to the bank’s customers across all affiliates.
Assess risk associated with the strategic planning and management of the activities of the information technology platforms in Accra and Lagos.
Assess risks associated with Information Security, IT Security, business continuity and disaster recovery planning
Assess risks associated with data security, portable devices, windows office applications and domain controller
Conduct audit and risk reviews of the following Network and Communication Systems but not limited to:
The institution’s network and communication platforms
Routers
Firewalls
IDS / IPS
Switches
Voice / Data / Video
Conduct audit and risk reviews of Infrastructure including the following:
Data Centers i.e. Accra, and Lagos
Network and Internet Security
Cloud computing
Design / update I.S Audit programs and checklists for Networks, Communications and Infrastructure in line with international standards and new technology developments within the Group
Plan and execute risk-based audit of Networks, Communications and Infrastructure
Monitor and escalate key risk issues
Carry out ad-hoc reviews
Perform periodic IS Risk Assessments and maintain a technology risk map for institution and Group Operations & Technology
Review and evaluate new technology products / services and associated risks.
Independent participation in the review and evaluation of projects related to various information systems. networks, communications and infrastructure
Share audit findings and recommendations for corrective action to the head of audit for management.
Issue draft report within 10 days after completion of all audit assignments.
Conduct training for colleagues (auditors), in order to improve the knowledge in auditing and enforcing controls in the IT systems.
Assist in the preparation of quarterly board papers.
Special Assignments and reviews.
Perform other tasks that may be assigned by the Head of Audit and Audit Manager, eProcess & EGH

JOB CONTEXT
Audit Risk Reviews:

Conduct audit risk review of critical platforms and the institution’s operations and issue report on findings
Test to see if controls are working as they should
Assist to provide reasonable assurance to management that risk identified are being managed.

JOB DIMENSION
Audit Risk Reviews:

Provide trend analysis on key risks and recommend solutions
Interact with all levels of staff, giving feedback on risk and control issues identified during audit reviews
Provide advisory services to Functional Heads on risk and control weaknesses affecting their respective areas.
Escalating risk and control issues and concerns to the head of audit for management attention.
Assist in educating staff on risk the company is exposed to.

JOB SKILLS/EXPERIENCE
Experience:

At least six (6) years of hands on database and technology application management and related fields
Developed a broad and deep knowledge of all operational systems and to perform periodic audits required to enhance operational efficiencies
Ability to review Network performance by monitoring network devices(routers and switches etc.); evaluating and providing recommendations for resolving network issues; management of network tools; and providing advisory services.
Ability to assess Network design and provide expert advice to network, operations, and technical support teams
Ability to review IT Security Framework Design and Implementation.
Ability to access Security Policy Design, Infrastructure Design and Analysis.
Ability to perform Identity Management, Firewalls Security Reviews.
Understanding and use of CAATs for analytics (e.g. ACL).
Understanding of Risk Assessment Tools and Methodology.
Proficiency in the use of Structured Query Language (SQL).
Some programming and/or advanced database skills required.
Knowledge of audit procedures and institution’s procedures and information technology standards.
Knowledge of global banking systems, and system of controls within the banking environment.
The incumbent must be detail oriented with an eye for precision
Ability to assess network performance by developing a protocol for measurement of results and identification of problem areas.
Excellent written and verbal communication skills with good presentation skills
Strong planning and execution skills; ability to set priorities and work under pressure
Ability to interact and present ideas effectively to all levels of staff
High level of logical and analytical thinking
Risk based audit techniques

Education:

University degree in Computer Engineering and Information Technology or related fields
Equivalent professional qualification in Information Systems Security and/or Audit
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional(CISSP)
Cisco Certify Network Associate (CCNA)
Cisco Certified Network Professional (CCNP) +
CompTIA Network++

Personal Attributes:

Organization
Discretion
Vigilance
Integrity
Rigor
Courtesy
Good communication skills
Availability
Ability to work without supervision.