Provide guidance on IT control management matters, particularly on application and infrastructure security.
Perform regular risk assessment of IT infrastructures which include risk analysis & threats assessment, enterprise security management process, and computer, and communication security including identifying areas where business units should consider additional investment and areas where internal audit should focus.
Perform continuous examination of existing internal IT and system controls, evaluate the design and its operational effectiveness, assess exposure to risk, and develop remedial strategies in the organization.
Assist in devising and implementing controls to minimize business risks arising from weaknesses within the business systems and IT infrastructures of the organization.
Provide continuous assurance to the business on the effectiveness and adequacy of system, process, and technology controls as well as other safeguards/measures put in place by management for the realization of business objectives.
Assess the adequacy of system configuration and change management process, backup and disaster recovery, software development processes, and logical access controls.
Participate in the conceptualization and implementation of new IT-driven business projects or optimization/upgrade of existing systems and business solutions to ensure that controls that meet business requirements are embedded at all levels of the system.
Actively follow up on all open control issues in the Internal Control and Audit Reports, Management letter, and Regulatory Examiners report as it relates to IT reviews.
Monitor developments in the information system and technology space with a view to proactively identify potential risks and recommend solution
Keep abreast of the updates in the global technology world to identify emerging risks and opportunities that can be domesticated in the Company.
Participate in UATs and change management meetings.
Perform miscellaneous job-related duties as assigned by the IT Systems Auditor and Head of Internal Control and Audit.
Requirements
BSc degree in Computer Science, Information Technology, or other technology-related degrees.
Applicable IT Certification is a plus (e.g., CISA/CISM/CRISC/CISCO)
Minimum of 3 years experience performing IT Audit/Control functions
