Manager, Internal Audit – Cyber Security, Technology and Data Analytics at Absa Group

ICT / Computer
Nairobi City
June 20, 2023
Full time
Apply Now

Job Description


With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

To plan, manage and monitor the implementation of management information systems (MIS) activities and processes in order to deliver on approved operational plans in an effective and efficient manner.

Job Description

Manager, Internal Audit (Cyber and Technology)

Job Purpose:

Internal Audit purpose is to provide reliable, valued assurance to the Board and Executive Management over the effectiveness of controls mitigating current and evolving high risks and in so doing enhancing the controls culture within the Group. IA provides independent assurance to the Group CEO, Board Audit Committee and internal stakeholders, as well as certain external stakeholders (typically external auditors and regulators).

The core responsibility of an auditor within Absa is to execute audit assignments in accordance with the Group Audit Plan and relevant policies, procedures, and quality standards.

Key Accountabilities

Audit Delivery and Issue Assurance

  • Develop an in-depth knowledge of the methodology, by attending training sessions and using knowledge gained during audits, use this proactively in executing audit activities.
  • Deliver audit work assigned by the Senior Manager Internal Audit, Technology to a high quality and in accordance with the requirements of the Quality Assurance scorecard.
  • Assist the Senior Manager Internal Audit, Technology with planning and execution of Design Effectiveness and Operating Effectives Testing, uniformly applying the methodology and quality standards, focusing the work on key risks, with minimum supervision from the Senior Manager Internal Audit, Technology.
  • Develop and maintain relationships with key audit contacts on each audit by attending continuous stakeholder meetings. In addition, engage closely with stakeholders during assignments and encourage open discussion and interaction with business on the risks relevant to their environment.
  • Engage proactively with Absa Internal Audit colleagues, during assignments and work collaboratively with the relevant technical team to deliver audit work.
  • Provide guidance to other auditors and peers by sharing business knowledge, and best practice so that audit work meets and sometimes exceeds quality standards.
  • Support the Senior Manager Internal Audit, Technology in the identification of risks to be tested by participating in audit planning sessions.
  • Develop an in-depth knowledge of Absa and the various business areas and use this knowledge to assess risks and controls through identifying, assessing, and documenting risks and controls within the relevant business processes.
  • Evaluate the design and operating effectiveness of controls and document all working papers using the Internal Audit tool for review by the Senior Manager Internal Audit, Technology.
  • Ensure all audit observations and planned actions are factually agreed with management as soon as they arise to ensure timely delivery and issuing of the audit reports. Provide suggestions to stakeholder management on how they can address the control issues identified.
  • Document all working papers in line with methodology requirements. The working papers must be accurate, reflective of work performed and support conclusions drawn.
  • Display professional scepticism, raising and discussing contentious observations with management and provide evidence to support all issues identified.
  • On an ongoing basis throughout the audit, discuss and agree the factual accuracy of audit observations with the Senior Manager Internal Audit, Technology.
  • Provide feedback to the Senior Manager Internal Audit, Technology and audit team with progress and observations raised during the audit by communicating honestly, frequently and effectively. Build and maintain good working relationships with fellow auditors.
  • Participate fully and be supportive in all audits by helping the team where required. Be receptive to learn and seek opportunities to share acquired knowledge with colleagues
  • Continue to update awareness of risk issues and changes across selected business units from interaction with management and provide feedback to the Senior Manager Internal Audit, Technology.
  • Assist in the induction of new joiners, mentoring less experienced team members.
  • Proactively take on additional tasks as requested by the Senior Manager Internal Audit, Technology – which may include managing Issue Assurance and production of team Management Information.
  • Perform Issue Assurance testing and documenting of the working papers in accordance with the requirements of the Methodology.
  • Ensure awareness of available tools and demonstrate competence in ability to utilise digital tools during audits and use of data analytics in all audits able to use data analytics, where possible.

Accountability: Knowledge Management

  • Improve technical knowledge through self-learning or training including mandatory Continuous Professional Education requirements.
  • Share knowledge with AIA colleagues and peers in the business.
  • Develop and enhance learning through seeking coaching, training and continual feedback
  • Coach new joiners and trainees on how to apply the methodology. In addition, to proactively share knowledge of within the team, leading a session at a team meeting.
  • Build knowledge of business and culture in business units as assigned by the Senior Manager Internal Audit, Technology
  • Knowledge of key regulations, including FIC, KYC and AML, Sanctions, for business areas / locations within remit

Accountability: Reporting

  • Prepare audit observations and make sure that they are concise, factually accurate and cover all of the significant issues. The observations must be insightful, address the root causes, and have agreed actions that fully mitigate the risk.
  • Assist the Senior Manager Internal Audit, Technology where required, in the drafting of the audit report in line with methodology requirements and as per the requirements of the Balanced Scorecard.
  • Assist in compilation of various governance reporting pack and ongoing business monitoring that impacts overall risk profile of the BU/Function business. This includes attending relevant governance committees where applicable and document the business monitoring workpaper accordingly.

Accountability: Relationship management

  • Develop and maintain relationships with accountable management on each audit.
  • Present effectively at stakeholder meetings and forums (e.g.: Risk and Governance forums) to share knowledge and information including methodology, standards, changes and new developments with business stakeholders on an ongoing basis.

Risk and Control responsibilities:

  • Understand and adhere to the appropriate Absa Policies and Standards applicable to the role.
  • Understand and manage risks and risk events (incidents) in the role thereby contributing to the adherence to the Absa Risk and Control Framework.
  • Complete all mandatory training as required.

Preferred Qualification

  • B Degree (Computer Science, Information Technology, Cyber Security, Informatics, Statistics or similar technology-related field); and/or
  • Honours (Computer Science, Information Technology, Cyber Security, Informatics, Statistics or similar technology-related field)
  • CISA or CISM, CISSP or equivalent certification.
  • CIA (Levels 1,2 or 3) and CPA (T) or ACCA will be an advantage

Preferred Experience

  • Audit roles – experience in risk-based auditing or risk/control activities.
  • Relevant professional qualifications (e.g. CISA)
  • Practical understanding of relevant regulatory environment
  • Proven track record of high performance in previous roles
  • Experience in auditing at senior level for at least 5 years

Knowledge And Skills

  • Minimum of 4 years’ experience in Internal/External audit or commensurate experience in a major financial institution
  • 2 years’ experience in Risk Based Auditing or Risk/Control activities

Behavioral Competencies

Competency

Competency definition/descriptor

Level

Drive for Results

  • Manage audits which are efficient including the most effective use of resources and systems.
  • Prioritise effectively to deliver on time.
  • Advanced

Learning and researching

  • Be quick to learn and seek opportunities to share this knowledge with colleagues.
  • Advanced

Team Player

  • Seek feedback from the team expanding on strengths and acting quickly to address anything which negatively impacts effectiveness.
  • Mentor, coach and train individuals within their team.

Advanced

Adapting and responding to change

  • Embrace change, support departmental initiatives and lead through example to devise and implement solutions.

Advanced

Technical Competencies

Competency

Competency definition/descriptor

Proficiency level

Knowledge of IT General Controls, COBIT, ITIL, ISO 27001/NIST, CISSP, Penetration Testing skills and Advanced Data Analytics

  • Knowledge of risks associated with the following IT processes: application development, change and release management, incident and problem management, software asset management, IT Risk management, security management, data management.
  • Knowledge of risks associated with the following technologies: databases (Oracle, SQL Server, DB2, CICS), Windows, VMS, AS/400, Unix, HP-Non Stop (Tandem), Mainframe and RACF, Networks and firewalls, External threat assessment and management, Internet infrastructure, Cryptography and data analytics

Expert

Quality, High Standards and Controls

  • Consistently apply IA methodology in developing an audit approach which is innovative, focused on key risks and controls and has efficient test strategies.
  • Develop a strong knowledge of their aligned business area. Shares this knowledge with others
  • Use their knowledge to assess the evolving risks on each audit assignment.
  • Raise observations that are insightful, accurate, address the root cause and add value to the business.

Advanced

Communication / Influence

  • Produce observations and audit reports which are concise and consider the perspective of business stakeholders and address the root cause.
  • Adhere to report issuance KPIs.
  • Contribute insightful information to IA Management Information.
  • Communicate in an open, candid and complete manner to IA and business management stakeholders, making a strong & positive impression on others.
  • Listen effectively and actively probe for new and diverse ideas, encouraging others to share their opinion.

Fundamental

Quality, High Standards and Controls

  • Consistently apply IA methodology in developing an audit approach which is innovative, focused on key risks and controls and has efficient test strategies.
  • Develop a strong knowledge of their aligned business area. Shares this knowledge with others
  • Use their knowledge to assess the evolving risks on each audit assignment.
  • Raise observations that are insightful, accurate, address the root cause and add value to the business.

Fundamental

  • Application feedback – 26th June 2023***

Education

Bachelor`s Degrees and Advanced Diplomas: Physical, Mathematical, Computer and Life Sciences (Required)

Related Jobs