Head Of Internal Audit – ICT and Data Analytics (1 Position(s))
Job Location :
Head Office
Job Purpose:
Responsible for providing leadership and overseeing of internal audit for Information and Communication Technology (ICT), Cyber security and Data analytics audits on achieving the purpose and objectives of Internal Audit Function (IAF).
Main Responsibilities:
Strategic Focus
Working with the Chief Internal Auditor (CIA) on developing and execution of a risk based annual audit plan approved by the Board, reporting and follow up of implementation of audit recommendations for bank’s internal control improvement. The role must provide assurance on design and effectiveness of internal controls, IT risk management framework, cyber security and governance processes relating to ICT operations are adequate and effective and the bank’s ICT policies & procedures, state laws, regulations regarding privacy and security in data processing are adhered to.
Develop and execute the Audit strategy on the Data analytics automation & robotics (AI) and continuous auditing of critical bank’s processes for effective real time monitoring and reporting to Management and Board.
Develop and execution of a risk based annual internal audit work plans and programs for IT audits and Data analytics audits and programs which is approved by the Board.
Develop and execution on the cyber security audit strategy and use of review tools for continuous monitoring and vulnerability assessment assurance on the management cyber security resilience.
Overseeing, planning, and scoping of audit assignments relating to ICT operations, Cyber Security, Data Analytics, Projects and any other areas assigned, determining engagement scope & objectives, conducting risk assessment (including fraud risk assessment), allocating audit resources, defining deadlines and ensuring a comprehensive and appropriate terms of reference is set for each review.
Leadership and People Management Focus
Coaching and providing training that enhances auditor’s knowledge on ICT risks and use of IT tools and analytics, department budget planning and control, also responsible for another stakeholder’s management.
Manage the Audit team, hierarchically and functionally, supporting the direct reports in their professional development through mentoring and coaching, providing constructive feedback including formal performance management. Reach the results through the team; developing and executing the department’s strategy and plan.
Lead discussions with business leaders regarding audit observations and root causes of issues, consulting the CIA.
Consult with Internal Audit Function (IAF) management, risk teams, internal auditors, or the business to identify high risk areas that should be subjected to data analytics on regular basis.
Provide support to internal auditors in using computer-assisted audit techniques.
Review and issue audit reports that meet the required standards for reporting to management and prepare oral or written presentation on those issues at the request of management or at his/her own initiative.
Supervise support on automated audit tools used in the department.
Ensure full compliance, provide oversight as well as monitor the implementation of various consumer protection requirements across business area/Unit.
Operations Focus
Carry out investigations and special audits as requested by management, Board, or red flags noted by auditors.
Stakeholder management within the bank, Bank of Tanzania, and external auditors/consultants
Departmental Budgeting planning, implementation, and cost control
Ensure that audits are carried out in line with International Standards for the Professional Practice of Internal Auditing as issued from time to time by the Institute of Internal Auditors as well as those issued by Information Systems Audit and Controls Association (ISACA).
Provide guidance to Audit Managers /Auditors during audit assignments with emphasis on process understanding, risk identification and assessment, root cause identification and development of recommendations that address the root causes.
Perform follow-up audit reviews to determine the extent to which root causes of issues observed have been closed and supported with sufficient, reliable, and relevant evidence.
Stay abreast of the latest developments in ICT that impact the ICT risks and cyber security in the bank and the possibilities to investigate using ICT.
Identify the relevant operating risks that may affect the bank and assess their likelihood of occurrence and the potential impact on the business.
Review of ICT projects executed by management and appraise on the identified risks and controls and how has been mitigated and recommend appropriate actions for management.
Review audit findings with auditors, appraise the management and prepare report for CIA to the Board Audit Committee raised by external auditors.
Responsible for regular extraction and analytics of data from critical systems of the bank in order to identify control weaknesses for corrective action and provide business Insights and foresight for appropriate management decisions.
Ensure that documentation throughout the audit lifecycle (scoping, understanding processes, identifying risks and controls, assessing controls, and identifying issues) is accurate, reflective of work performed and supports conclusions drawn.
Ensure audit tools are effectively used to bring efficiency and effectiveness in the audit process.
Represent the IAF on various projects that aim at improving risk management, governance and controls surrounding ICT systems in the bank.
Ensure full compliance, provide oversight as well as monitor the implementation of various consumer protection requirements across business area/Unit.
Knowledge and Skills:
Ability to exercise critical thinking and professional skepticism in the audit process.
Solid knowledge of applying internal audit standards (IPPF) by the Institute of Internal Auditors and ISACA Framework to perform value adding internal audit services.
Deep understanding of fraud risk assessment and evaluation of control adequacy in either detecting or preventing fraud incidences in an IT environment.
Knowledge of risks and controls of a bank as well as banking regulations
Analytical mind with the ability to interpret key data/facts.
Eye for detail in checks and balances, rules and processes, risk, and governance.
IT Project management and projects life cycle knowledge
Mastery of using and Knowledge of ICT and audit tools such as data analytics software such as ACL Analytics, DAST & NAST tools, Qualys or Nexpose and audit management software such as teammate, Microsoft vision etc.
A person with integrity, objective mind, and leadership skills ability to influence and motivate teams towards a common goal.
Excellent interpersonal skills and ability to work effectively with colleagues and other management teams.
Multi stakeholder management report to BARCC, Board, regulator, and external auditors
Firm and decisive with ability to negotiate and influence senior/middle managers to facilitate change and improvement.
Ability to communicate at all levels in the bank and external stakeholders such as external auditors and consultants.
A personal commitment to, and good understanding of, diversity and equalities in the workplace.
Qualifications and Experience:
Bachelor’s degree in IT and Computer science from a recognized university
Professional Certification in IT auditing or Cyber security, Data Analytics, or accounting qualification i.e., CIA, ACPA, CISA, CISM, PMO, CPA (T), ACCA or equivalent is a Must.
A Master’s degree is an added advantage.
At least 7 years’ experience in IT audits, out of which 4 should be at managerial level in a bank or an audit firm responsible for financial institutions.
NMB Bank Plc is an Equal Opportunity Employer. We are committed to creating a diverse environment and achieving a gender balanced workforce.
Female candidates and people living with disabilities are strongly encouraged to apply for this position.
NMB Bank Plc does not charge any fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it.
Job closing date : 23-Jan-2024
