NBK Audit Manager, ICT Assurance

Key Responsibilities:

 

• Plan and complete audit assignments involving Information technology and cyber security assurance in consultation with Head ICT Audits according to approved audit plan within the defined timelines.
• Participate and contribute in the risk assessment process for ICT Assurance in the Bank and document the results.
• Participate in the development of risk based audit plans detailing the scope, nature and timing of audit activities.
• Review the systems established to assess compliance with policies, plans, procedures, laws, and regulations which could have a significant impact on cyber security and report on the assurance and compliance levels.
• Monitor and evaluate effectiveness of the ICT risk management system in place and assist as a liaison person in conducting investigations when called upon.
• Develop in consultation with Head of ICT Audits appropriate audit tests and programs aimed at efficiently and effectively checking ICT Assurance levels.
• Stakeholder engagement; agree on issues picked during audit activity and submission of draft report on audit findings by highlighting levels of compliance with key controls, procedures and management policies and regulatory requirements among others.
• Ensure clarity in documentation of issues raised, their impact on business and quality management actions to mitigate the risks.
• Continuously monitor assurance on ICT security and cyber compliance through stakeholder engagement, monitoring of trends and developments and report on the results at agreed intervals or on ad hoc basis as may be required.
• Follow up of audit issue action plans as per stakeholder engagement agreements and track to completion within agreed timelines.
• Follow up recommendations and issue action plans logged from previous audits to ensure their timely closure.
• Continuous review of ICT Assurance audit plan and provide technical expertise to business on controls of existing and incoming ICT Infrastructure and systems, including major projects while maintaining professional independence.
• To support other audit staff by sharing expertise with members supporting ICT assurance.
• Maintain pro-active approach to risk assessment through market intelligence, continuous engagements with stakeholders to understand business dynamics and through data analytics.
• Escalate in a timely manner delays in execution of audit work to Management.
• Perform other related duties that may be assigned from time to time by Management.

 

Qualifications, Experience, Skills & Personal Attributes:

• A Bachelor’s Degree in Computer Science, IT or Engineering in a recognised University.
• CISA professional certification.
• ACCA/CPA / related accounting professional certification are preferred.
• Membership of IIA/ISACA and in good standing is preferred.
• CISM – an added advantage.
• Five (5) years’ experience in an internal audit/ ICT related environment in the financial sector or big 4 external audit firms with at least two years in information/cyber security field.
• Professional independence; exercise objectivity, competence, discretion and courage to raise and escalate matters where applicable.
• Understanding of information and cyber security risk management, processes and associated control requirements.
• Innovation; able to keep up with trends of meeting the demands of internal and external customers and controls thereof.
• Collaboration; forms business partnerships that help drive the Bank’s assurance agenda.
• Multi-tasking; able to manage several concurrent audit assignments and prioritise demands.
• Flexibility and adaptability; ability to keep pace with latest trends in addition to new audit requirements.
• Excellent communication skills; strong and confident, articulate in communicating to both internal and external stakeholders.
• Analytical; capable of managing numerous information sources and providing data analysis reports to Senior Management. 

KCB Group is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya – incorporated with effect from January 1, 2016 – and all KCB’s regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation, National Bank of Kenya, and all associated companies. The holding company was set up to among other things to enhance the Group’s capacity to access unrestricted capital and also enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group’s operating entities and enhance corporate governance across the Group and oversight in the management of subsidiaries. Related documentation:  Group Name Change,   Name Change Certificate,  KCB Advise on Non-Operating Holding Company,  KCB Group Structure,  Kenya Gazette Notice.