Cyber & Information Security, Network and InfrastructureFunction Cyber & Information Security, Network and Infrastructure AuditSub Function Report to: (1)Head, Internal Audit (Ecobank Ghana)Manager, Internal Audit (eProcess , EGH & AWA)II. JOB PURPOSE

• Carry out audits and reviews of the Cyber & Information Security, Network and Infrastructure hosted by the institution
• Carry out other duties that may be assigned (ARRs, follow-ups etc.)
• Independent assessment of the effectiveness of Information Systems risk management process and practices

Information Systems Audit Objectives

• Information Systems Risk reviews.
• Provide assurance to the Board and Management on key risks and their management

III. JOB PRINCIPAL ACCOUNTABILITIES (Key tasks and indicate any additional activities arising from the job)INFORMATION SYSTEMS AUDITOR

• Carry out the periodic audit of information systems hosted by the institution and Group operations & Technology done in line with the approved Audit plan.
• Conduct audit and risk reviews of information systems including the following:
  • UNIX AIX and Windows operating systems
  • Portable devices such as laptops, notepads, smart phones, blackberry phones
  • Data backup / storage, security, availability, integrity, classification and retention
  • Windows Office applications including email
  • Windows domain controller

• Assess the risk and security exposures associated with all software applications and databases used for the facilitation of banking services to the bank’s customers across all affiliates.
• Assess risk associated with the strategic planning and management of the activities of the information technology platforms in Accra and Lagos.
• Assess risks associated with Information Security, IT Security, business continuity and disaster recovery planning
• Assess risks associated with data security, portable devices, windows office applications and domain controller
• Conduct audit and risk reviews of the following Network and Communication Systems but not limited to:
  • The institution’s network and communication platforms
  • Routers
  • Firewalls
  • IDS / IPS
  • Switches
  • Voice / Data / Video
• Conduct audit and risk reviews of Infrastructure including the following:
  • Data Centers i.e. Accra, and Lagos
  • Network and Internet Security
  • Cloud computing
• Design / update I.S Audit programs and checklists for Networks, Communications and Infrastructure in line with international standards and new technology developments within the Group
• Plan and execute risk-based audit of Networks, Communications and Infrastructure
• Monitor and escalate key risk issues
• Carry out ad-hoc reviews
• Perform periodic IS Risk Assessments and maintain a technology risk map for institution and Group Operations & Technology
• Review and evaluate new technology products / services and associated risks.
• Independent participation in the review and evaluation of projects related to various information systems. networks, communications and infrastructure
• Share audit findings and recommendations for corrective action to the head of audit for management.
• Issue draft report within 10 days after completion of all audit assignments.
• Conduct training for colleagues (auditors), in order to improve the knowledge in auditing and enforcing controls in the IT systems.
• Assist in the preparation of quarterly board papers.
• Special Assignments and reviews.
• Perform other tasks that may be assigned by the Head of Audit and Audit Manager, eProcess & EGH

IV. JOB CONTEXT AUDIT RISK REVIEWS:

• Conduct audit risk review of critical platforms and the institution’s operations and issue report on findings
• Test to see if controls are working as they should
• Assist to provide reasonable assurance to management that risk identified are being managed.

V. JOB DIMENSION AUDIT RISK REVEWS:

• Provide trend analysis on key risks and recommend solutions
• Interact with all levels of staff, giving feedback on risk and control issues identified during audit reviews
• Provide advisory services to Functional Heads on risk and control weaknesses affecting their respective areas.
• Escalating risk and control issues and concerns to the head of audit for management attention.
• Assist in educating staff on risk the company is exposed to.

ExperienceVI. JOB SKILLS/EXPERIENCE

• At least six (6) years of hands on database and technology application management and related fields
• Developed a broad and deep knowledge of all operational systems and to perform periodic audits required to enhance operational efficiencies
• Ability to review Network performance by monitoring network devices(routers and switches etc.); evaluating and providing recommendations for resolving network issues; management of network tools; and providing advisory services.
• Ability to assess Network design and provide expert advice to network, operations, and technical support teams
• Ability to review IT Security Framework Design and Implementation.
• Ability to access Security Policy Design, Infrastructure Design and Analysis.
• Ability to perform Identity Management, Firewalls Security Reviews.
• Understanding and use of CAATs for analytics (e.g. ACL).
• Understanding of Risk Assessment Tools and Methodology.
• Proficiency in the use of Structured Query Language (SQL).
• Some programming and/or advanced database skills required.
• Knowledge of audit procedures and institution’s procedures and information technology standards.
• Knowledge of global banking systems, and system of controls within the banking environment.
• The incumbent must be detail oriented with an eye for precision
• Ability to assess network performance by developing a protocol for measurement of results and identification of problem areas.
• Excellent written and verbal communication skills with good presentation skills
• Strong planning and execution skills; ability to set priorities and work under pressure
• Ability to interact and present ideas effectively to all levels of staff
• High level of logical and analytical thinking
• Risk based audit techniques

Education

• University degree in Computer Engineering and Information Technology or related fields
• Equivalent professional qualification in Information Systems Security and/or Audit
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional(CISSP)
• Cisco Certify Network Associate (CCNA)
• Cisco Certified Network Professional (CCNP) +
• CompTIA Network++