Role Summary:
Ensure adequate coverage of the information systems and activities pertaining to IT and information security in the annual audit plan to provide assurance to the relevant auditee management, executive management, Group Audit & Compliance Committee and the Board on the adequacy and effectiveness of the internal controls in place within the respective system / function / area and add value to improve various systems performed by IT and IT security, as and where applicable.
Implement and execute the plan approved by the Group Audit & Compliance Committee and ensure completion of the same within the assigned period as instructed by the Principal Specialist Domestic & International IT and IS Audit.
Also responsible for submitting status reports on the various assignments in progress to the Principal Specialist Domestic & International IT and IS Audit explaining the reasons for the delay in completion of individual assignments, if applicable.
Develop and implement appropriate risk assessment methodology / parameters and criteria in consultation with the Principal Specialist Domestic & International IT and IS Audit to facilitate evaluation of the individual systems either already in use or under development and other IT and IT security related functions / processes / activities and related procedures based on the risk involved in the referenced function / activity / area and its potential impact on the Group’s objectives and strategy.
Oversee, on a day-to-day basis, the individual assignments comprising the approved plan to ensure that these are being conducted in accordance with the best practices for internal auditing, including but not limited to SPPIA recommendations / guidelines and CoBIT principles.
Responsible for determining the existence and adequacy of the SDLC methodology during the review of select information systems and comment upon the same.
Ensure that such reviews focus on determining whether test plans and test scripts were in place and actually used, whether testing conducted on the concerned system was adequate and whether all significant issues were resolved / requirements of the concerned business users met and their sign-offs obtained before moving the system from the test phase to production.
Bachelor's degree in IT or banking or other related subjects.
Relevant and recent experience in Core Banking / Retail IT Audits.
Professional qualifications such as CISA / CISSP / CIA / CA / ACCA etc.
Minimum of 8 years' experience in IT audit function in a major bank or leading audit firm, out of which 5 years in a managerial role.
Proficient knowledge of CoBIT principles, IT security and related best practices, SDLC methodology.
Strong understanding and audit experience of Banking systems and applications is essential.