Job Purpose

The Assistant Manager, Internal Audit, Information Systems Audit, will lead and coordinate Information Systems audit engagements to assess the adequacy and effectiveness of processes and technology controls, risk management, and governance processes across the Bank. The role involves planning, supervising, and reviewing IT audits covering business and support operations, applications, infrastructure, cybersecurity, data analytics, and third-party environments. The incumbent will provide value-adding assurance, support automation and continuous auditing initiatives, and ensure implementation of audit recommendations and management action plans.

Main Duties and Responsibilities

• Conduct IT risk assessments during annual planning and individual engagements to identify high-risk areas and develop detailed audit programs, objectives, and scopes aligned with the risk-based annual audit plan.
• Lead and supervise audit teams in executing IT audits covering systems, databases, applications, networks, and cloud environments to assess control design and operating effectiveness.
• Review and evaluate IT governance, cybersecurity frameworks, data protection controls, and ICT regulatory compliance.
• Assess the effectiveness of IT risk management, system change management, IT operations, business continuity, and vendor management processes.
• Apply data analytics and automated audit tools to identify control weaknesses, unusual trends, and emerging risks; promote adoption of continuous auditing practices.
• Conduct reviews of cybersecurity controls, vulnerability management, and incident response to ensure resilience and readiness.
• Evaluate adequacy of privacy and data governance controls to ensure compliance with internal policies, laws, and regulatory standards.
• Review workpapers, test results, and draft reports prepared by the Senior Officer or audit team members for quality, accuracy, and completeness.
• Prepare and present concise audit reports summarizing findings, risk implications, and actionable recommendations to management.
• Follow up on remediation of IT audit issues and report progress to the Manager, IS Audit.
• Participate in special reviews, forensic investigations, and ICT project risk assessments as assigned by management.
• Provide on-the-job guidance, coaching, and technical support to audit staff to enhance IT audit and analytics competencies.
• Stay informed of emerging technologies, cyber threats, and audit methodologies to continually strengthen audit effectiveness.
• Ensure that all audits adhere to the Internal Audit Charter, the International Professional Practices Framework (IPPF), and ISACA standards.
• Perform any other duties assigned by the Manager or Head of Internal Audit.

Qualification, Skills and Knowledge

Qualifications

• Bachelor’s degree in Information Technology, Computer Science, Information Systems, or a related field from a recognized institution.
• Professional certification such as CISA, CISM, CRISC, CGEIT, CIA, or related credentials is required; CEH or data analytics certifications are an added advantage.
• At least four (4) years of relevant experience in IT audit, cybersecurity, or technology risk management, preferably within the banking or financial services sector, including experience supervising or leading audit assignments.

Skills, Knowledge and Attributes

• Strong understanding of IT governance, cybersecurity, risk management, IT general and application controls, and frameworks such as COBIT, ISO 27001, PCI-DSS, and NIST.
• Practical knowledge of data analytics, continuous auditing, and audit tools (e.g., ACL, IDEA, SQL, Power BI, Teammate).
• Sound understanding of ICT infrastructure, networking, databases, cloud services, and IT service management (ITIL).
• Excellent communication, report writing, and stakeholder engagement skills with the ability to explain technical issues clearly to non-technical audiences.
• Strong analytical and problem-solving capabilities, with sound professional judgment and attention to detail.
• Demonstrated leadership, coaching, and team coordination skills.
• High integrity, initiative, and ability to deliver results within tight timelines.

Experience

At least four (4) years of relevant experience in IT audit, cybersecurity, or technology risk management, preferably within the banking or financial services sector, including experience supervising or leading audit assignments.

• Conduct IT risk assessments during annual planning and individual engagements to identify high-risk areas and develop detailed audit programs, objectives, and scopes aligned with the risk-based annual audit plan.
• Lead and supervise audit teams in executing IT audits covering systems, databases, applications, networks, and cloud environments to assess control design and operating effectiveness.
• Review and evaluate IT governance, cybersecurity frameworks, data protection controls, and ICT regulatory compliance.
• Assess the effectiveness of IT risk management, system change management, IT operations, business continuity, and vendor management processes.
• Apply data analytics and automated audit tools to identify control weaknesses, unusual trends, and emerging risks; promote adoption of continuous auditing practices.
• Conduct reviews of cybersecurity controls, vulnerability management, and incident response to ensure resilience and readiness.
• Evaluate adequacy of privacy and data governance controls to ensure compliance with internal policies, laws, and regulatory standards.
• Review workpapers, test results, and draft reports prepared by the Senior Officer or audit team members for quality, accuracy, and completeness.
• Prepare and present concise audit reports summarizing findings, risk implications, and actionable recommendations to management.
• Follow up on remediation of IT audit issues and report progress to the Manager, IS Audit.
• Participate in special reviews, forensic investigations, and ICT project risk assessments as assigned by management.
• Provide on-the-job guidance, coaching, and technical support to audit staff to enhance IT audit and analytics competencies.
• Stay informed of emerging technologies, cyber threats, and audit methodologies to continually strengthen audit effectiveness.
• Ensure that all audits adhere to the Internal Audit Charter, the International Professional Practices Framework (IPPF), and ISACA standards.
• Perform any other duties assigned by the Manager or Head of Internal Audit.

• Strong understanding of IT governance, cybersecurity, risk management, IT general and application controls, and frameworks such as COBIT, ISO 27001, PCI-DSS, and NIST.
• Practical knowledge of data analytics, continuous auditing, and audit tools (e.g., ACL, IDEA, SQL, Power BI, Teammate).
• Sound understanding of ICT infrastructure, networking, databases, cloud services, and IT service management (ITIL).
• Excellent communication, report writing, and stakeholder engagement skills with the ability to explain technical issues clearly to non-technical audiences.
• Strong analytical and problem-solving capabilities, with sound professional judgment and attention to detail.
• Demonstrated leadership, coaching, and team coordination skills.
• High integrity, initiative, and ability to deliver results within tight timelines.

• Bachelor’s degree in Information Technology, Computer Science, Information Systems, or a related field from a recognized institution.
• Professional certification such as CISA, CISM, CRISC, CGEIT, CIA, or related credentials is required; CEH or data analytics certifications are an added advantage.
• At least four (4) years of relevant experience in IT audit, cybersecurity, or technology risk management, preferably within the banking or financial services sector, including experience supervising or leading audit assignments.