Internal Auditor: Cyber & Information Security, Network and Infrastructure at Ecobank Transnational Incorporated

Cyber & Information Security, Network and InfrastructureFunction Cyber & Information Security, Network and Infrastructure AuditSub Function Report to: (1)Head, Internal Audit (Ecobank Ghana)Manager, Internal Audit (eProcess , EGH & AWA)II. JOB PURPOSE Carry out audits and reviews of the Cyber & Information Security, Network and Infrastructure hosted by the institutionCarry out other duties that may be assigned (ARRs, follow-ups etc.)Independent assessment of the effectiveness of Information Systems risk management process and practices Information Systems Audit Objectives Information Systems Risk reviews.Provide assurance to the Board and Management on key risks and their management III. JOB PRINCIPAL ACCOUNTABILITIES (Key tasks and indicate any additional activities arising from the job)INFORMATION SYSTEMS AUDITOR Carry out the periodic audit of information systems hosted by the institution and Group operations & Technology done in line with the approved Audit plan.Conduct audit and risk reviews of information systems including the following: UNIX AIX and Windows operating systemsPortable devices such as laptops, notepads, smart phones, blackberry phonesData backup / storage, security, availability, integrity, classification and retentionWindows Office applications including emailWindows domain controller Assess the risk and security exposures associated with all software applications and databases used for the facilitation of banking services to the bank’s customers across all affiliates.Assess risk associated with the strategic planning and management of the activities of the information technology platforms in Accra and Lagos.Assess risks associated with Information Security, IT Security, business continuity and disaster recovery planningAssess risks associated with data security, portable devices, windows office applications and domain controllerConduct audit and risk reviews of the following Network and Communication Systems but not limited to: The institution’s network and communication platformsRoutersFirewallsIDS / IPSSwitchesVoice / Data / Video Conduct audit and risk reviews of Infrastructure including the following: Data Centers Accra, and LagosNetwork and Internet SecurityCloud computing Design / update Audit programs and checklists for Networks, Communications and Infrastructure in line with international standards and new technology developments within the GroupPlan and execute risk-based audit of Networks, Communications and InfrastructureMonitor and escalate key risk issuesCarry out ad-hoc reviewsPerform periodic IS Risk Assessments and maintain a technology risk map for institution and Group Operations & TechnologyReview and evaluate new technology products / services and associated risks.Independent participation in the review and evaluation of projects related to various information systems. networks, communications and infrastructureShare audit findings and recommendations for corrective action to the head of audit for management.Issue draft report within days after completion of all audit assignments.Conduct training for colleagues (auditors), in order to improve the knowledge in auditing and enforcing controls in the IT systems.Assist in the preparation of quarterly board papers.Special Assignments and reviews.Perform other tasks that may be assigned by the Head of Audit and Audit Manager, eProcess & EGH IV. JOB CONTEXT AUDIT RISK REVIEWS: Conduct audit risk review of critical platforms and the institution’s operations and issue report on findingsTest to see if controls are working as they shouldAssist to provide reasonable assurance to management that risk identified are being managed. V. JOB DIMENSION AUDIT RISK REVEWS: Provide trend analysis on key risks and recommend solutionsInteract with all levels of staff, giving feedback on risk and control issues identified during audit reviewsProvide advisory services to Functional Heads on risk and control weaknesses affecting their respective areas.Escalating risk and control issues and concerns to the head of audit for management attention.Assist in educating staff on risk the company is exposed to. ExperienceVI. JOB SKILLS/EXPERIENCE At least six (6) years of hands on database and technology application management and related fieldsDeveloped a broad and deep knowledge of all operational systems and to perform periodic audits required to enhance operational efficienciesAbility to review Network performance by monitoring network devices(routers and switches etc.); evaluating and providing recommendations for resolving network issues; management of network tools; and providing advisory services.Ability to assess Network design and provide expert advice to network, operations, and technical support teamsAbility to review IT Security Framework Design and Implementation.Ability to access Security Policy Design, Infrastructure Design and Analysis.Ability to perform Identity Management, Firewalls Security Reviews.Understanding and use of CAATs for analytics ACL).Understanding of Risk Assessment Tools and Methodology.Proficiency in the use of Structured Query Language (SQL).Some programming and/or advanced database skills required.Knowledge of audit procedures and institution’s procedures and information technology standards.Knowledge of global banking systems, and system of controls within the banking environment.The incumbent must be detail oriented with an eye for precisionAbility to assess network performance by developing a protocol for measurement of results and identification of problem areas.Excellent written and verbal communication skills with good presentation skillsStrong planning and execution skills; ability to set priorities and work under pressureAbility to interact and present ideas effectively to all levels of staffHigh level of logical and analytical thinkingRisk based audit techniques Education University degree in Computer Engineering and Information Technology or related fieldsEquivalent professional qualification in Information Systems Security and/or AuditCertified Information Systems Auditor (CISA)Certified Information Security Manager (CISM)Certified Information Systems Security Professional(CISSP)Cisco Certify Network Associate (CCNA)Cisco Certified Network Professional (CCNP) +CompTIA Network++