Deputy Manager Internal Audit

About the Company

Our client is a leading deposit-taking Sacco, licensed by the Sacco Societies Regulatory Authority (SASRA), offering a variety of loan and savings products. The Sacco is registered under the Co-operative Societies Act Cap 491 and seeks a dynamic, results-oriented professional to join their team on a three-year renewable contract, subject to satisfactory performance.

Main Tasks & Responsibilities

• Risk-Based Audit Plans:
  Work with the Internal Audit team to develop and implement risk-based audit plans focused on IT systems, processes, and controls.
• IT Audits:
  Conduct thorough audits of IT systems, applications, databases, networks, and infrastructure to ensure compliance with internal policies, industry regulations, and best practices.
• IT Control Evaluation:
  Assess the design and effectiveness of IT controls, including access controls, change management, data integrity, and cybersecurity measures.
• Stay Informed:
  Keep up-to-date with emerging technologies, trends, and regulatory requirements in IT and cybersecurity to proactively address risks.
• Identify Vulnerabilities:
  Identify system vulnerabilities, evaluate risks, and generate audit findings with appropriate recommendations for improvement.
• Policy Review:
  Review system-related policies to ensure compliance with legal, regulatory, and industry standards.
• Operational & Compliance Audits:
  Conduct operational, compliance, financial, and investigative audits as needed.
• Training:
  Assist and train other audit staff on computerized audit techniques and methods for reviewing computerized systems.
• Internal Control Reviews:
  Review internal controls and security measures for systems under development or enhancements.
• Information Control Reviews:
  Conduct reviews focusing on system development standards, operating procedures, system security, programming controls, communication controls, disaster recovery, and system maintenance.
• External Coordination:
  Liaise with external auditors, regulators, law enforcement officials, and other stakeholders to provide necessary reports and insights.
• Audit Reporting:
  Prepare audit findings reports and ensure thorough documentation to support completed audits and conclusions.
• Adaptability:
  Stay adaptable to evolving technology trends, regulatory requirements, and organizational priorities.

Requirements

• Bachelor's degree in Information Technology or a related field.
• CISA (Certified Information Systems Auditor) or CISM (Certified Information Security Manager) certification required.
• Demonstrated understanding of COBIT principles for governance and management of enterprise IT.
• Knowledge of ISO 27001 for evaluating an organization's information security management system.
• Familiarity with GDPR principles in data protection and privacy controls.
• Strong oral and written communication skills.
• CPA (K) or CIA (Certified Internal Auditor) certifications are an added advantage.

Skills and Experience

• At least 5 years of experience in Systems Auditing or working in a Technology-related role.
• Solid understanding of Information Systems Auditing standards and methodology.
• Project management and organizational skills.
• Excellent communication skills to present audit findings and recommendations clearly to diverse audiences.
• Strong collaboration skills for working with team members on risk assessments, planning, and developing audit timelines.
• Proactive approach to learning and working within stipulated timelines.
• Fraud investigation skills