1. JOB REF.: IA4.04
2. TITLE: Systems Forensic Auditor
3. RANK: SBOI/SBOII
4. REPORTS TO: PBO/SPBO Information Systems
5. JOB PURPOSE: To conduct forensic investigations and audits of information technology systems and infrastructures to verify that systems are secure and support the related applications or business processes in the Bank.
6. DUTIES AND RESPONSIBILITIES:
- Designs and conducts investigative audit procedures, including disaster recovery, IT security, system quality assurance, backup and restore, remote access, internet access monitoring, system problem management, and application change control procedures, for various auditable areas.
- Conducts special and ad hoc investigations as assigned by Audit Management.
- Prepares audit and investigation reports for review by the team leader and Internal Audit Management.
- Identifies, assesses and documents risks and controls in the Auditable areas assigned.
- Carries out planning for investigation and Audit assignments.
- Completes testing of the auditable areas assigned within the planned timelines.
- Evaluates and documents the design and operational effectiveness of controls.
- Writes factual, conclusive and precise audit and investigation findings.
- Provides suggestions (recommendations) to management for actions to address control weaknesses identified.
- Conducts periodic follow-up of prior audit recommendations.
- Discusses and agrees the factual accuracy of audit findings with auditees/Audit team Leader as appropriate.
- Updates the Audit team Leader and audit team with audit progress.
- Takes part in Audit spot checks for cash holding areas.
- Proactively takes on additional tasks as requested by the Internal Audit management.
7. EXPECTED OUTPUTS
- IT Strategy reviewed and Assessed for ability to support business goals
- System risks identified and controls assessed for adequacy
- Audit and investigation plans/programs.
- Documented and tested systems and controls.
- Quality audit and investigation reports.
- Accurate and complete working papers.
- Draft audit reports.
8. PERSON SPECIFICATION
A. MINIMUM QUALIFICATIONS
- A First Class or Upper Second Class Honors Degree from an accredited institution in the fields of Computer Science/Management Information Systems.
- Possess at least one industry certification such as CISSP, CISA, CISM or CRISC.
- Certified Forensic Examiner (CFE) is an added advantage.
- At least one penetration testing certification such as GPEN, OSCP, SST or CPT.
- Master’s degree is an added advantage.
MAXIMUM QUALIFICATION:
- In addition to the Minimum qualifications,
- Master’s degree
- Certified Forensic Examiner
B. WORK EXPERIENCE:
- 5-7 years of internal or external IT auditing experience.
- Conversant with Information Systems standards/frameworks such as COBIT™, Val IT™, Risk IT™, ISO 27001, ISO 27002 and ITIL.
C. AGE:
28 to 35 years.
D. COMPETENCIES
(i) Technical Competencies
- Investigation skills
- Attack and Penetration Testing skills
(ii) Behavioral Competencies
- Analytical thinking
- Communication & report writing
- Conceptual thinking
- Interpersonal skills
- Team Work
9. DATE LAST REVIEWED
- May 2015
10. VERSION
- 1/2015