The following position is vacant in a leading bank. Applicants NOT fulfilling experience, educational and knowledge requirements need not apply.
Reporting Line: Directly to IT / IS Audit Manager / subsequently to Head Office Audit In-charge
- Plan annual audits
- Execute audit programs and test steps, perform and review audits
- Review security policies and procedures
- Ensure new technologies meet security requirements
- Undertake technical security tasks, such as vulnerability assessments, penetration testing, servers hardening, log monitoring, etc.
- Improve information security continually in the organization by providing security advisories for vulnerabilities, patches, etc.
- Follow-up with management on audit report responses to ensure compliance.
- Draft complete and detailed audit reports and recommend value added solutions.
- Communicate with Head of functional audit regarding audit and project status.
- Other duties as required by the management
Applicant must have knowledge of:
- Understanding of audit methodologies
- Software development lifecycle / methodologies / programming languages
- Network topologies / security concerns
- Database design / queries
- Banking / financial information systems
Preference will be given to people with knowledge of:
- Regulatory requirements regarding information systems and related concerns
- Risk-based auditing approach
- COBIT / ITIL frameworks
- ISO 27001:2005 standard for IT Security
- BS-25999 for Business Continuity
- Bachelors and/or Masters degree preferably in IT/Computer Systems
- Certifications such as CISA/CIA are desirable
- IT related certifications such as CCNA/CCNP/SCJP are preferred but not mandatory
- Minimum of 2 years field work in IT
- Minimum of 2 years IS Auditing experience