IS Risk Auditor


  • Post Date: February 10, 2022
  • Career Level: Other
  • Qualification: Degree
  • Experience: 3-5 Years
  • Industry: ICT
Job Description

Job purpose

To provide risk-based information technology assurance, advisory, and consultancy services. Works as a subject matter expert in cybersecurity assurance and investigations. Performs technology controls reviews and data analytics to guide new product deployments as the business pursues digital transformation. Safeguards against financial and reputational risk through detailed reviews of business systems controls, review of commercial services promotions, and certification of results.

Key Responsibilities

  • Cybersecurity vulnerability auditing and testing.
  • Reviews compliance of IT department operations to Information Security policies and procedures.
  • Draft and maintain an up-to-date understanding of industry best practices and emerging threats.
  • Recommends security controls, processes, and procedures for the information security governance program, including control document reviews, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.
  • Advises internal departments by facilitating information security risk analysis and risk management processes and identifying acceptable levels of residual risk.
  • Follows up on deficiencies identified in audit reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
  • Analyses existing accounts and data access permission requests against documented authorizations.
  • Performs security assessments and security vulnerability scans.
  • Performs security monitoring and reporting, analyzes security alerts, and escalates security alerts to management.
  • Identifies and resolves root causes of security-related problems.
  • Delivers IT risk & security awareness and compliance training programs.
  • Analyzes reports and makes recommendations for improvements. Communicates reporting results to information security management.
  • Designs and recommends the implementation and monitoring of logical access controls to ensure the confidentiality, integrity, availability, and authorized use of information assets.
  • Customizes and designs procedures to investigate cybercrime and information leakage within the organization, often in connection with anticipated or ongoing legal action.
  • Evaluates strategy developed by IS management and makes recommendations in line with group objectives.
  • Executes risk assessments to determine if the adoption of proposed system development/acquisition meets the group’s business goals.
  • Evaluates service level management practices and decides if the level of service from internal and external service providers is adequately defined and managed.
  • Evaluates the organization’s disaster recovery plan to ensure that it enables the recovery of IT processing capabilities in the event of a disaster.
  • Designs and performs complex analysis of data using various scientific and statistical methods for different business processes or operations reviews across the group.
  • Reviews commercial promotions (e.g. Sales & Marketing promotions) and certifies the results of promotions in EWPL and Cassava.

Qualification, Skills, and Experience

  • Degree in Computer Science or equivalent.
  • CISSP and CISA certification with International Board-Information Systems Audit and Control Association.
  • 2 to 4 years’ experience in a similar environment, of which 1 year spent training in practical Cyber Security aspects and at least two years as an IS Risk practitioner.

The closing date for all applications is 13 February 2022.

Please note that only shortlisted applicants will be responded to.