Description:
This position is responsible for providing independent assurance on GA Insurance Limited’s information systems, by ensuring that the risk management procedures, governance processes, and control mechanisms in place are adequate to safeguard the Information Systems of the Company at all times.
Duties And Responsibilities
- Participate in the development, execution, and monitoring of the annual information systems internal audit plan.
- Perform assessments of all business information systems to evaluate the adequacy, effectiveness, and efficiency of the controls that support business processes.
- Evaluate the adequacy and effectiveness of controls for information systems and technology processes, including those related to data protection, change management, and cyber security.
- Conduct compliance assessments against information security standards, including ISO 27001, NIST Cybersecurity Framework, PCI DSS, and HIPAA guidelines, to ensure data security, regulatory compliance, risk mitigation, and operational efficiency.
- Communicate audit results and recommendations to key stakeholders including management and business process owners.
- Collaborate with the Technology Services and IT security teams to ensure that appropriate controls are in place for optimal operational functionality of Information Systems.
- Stay up to date on emerging technology, security vulnerabilities, and threats in the Information Systems landscape, and provide relevant and timely advice to stakeholders where necessary.
- Review the IT governance documents, strategies, policies, contracts, and procedure documents.
- Provide advice in resolving information security incidents.
- Participate in ensuring quality in all work delivered, including meeting the standards for working papers, and actively give insights and support the implementation of corrective actions based on recommendations arising from audit observations.
- Provide support in drafting suitable audit reports highlighting key control weaknesses as well as non-compliance with procedures, policies, and regulatory requirements.
- Participate in the preparation of the Board Audit Committee files.
Education/Qualifications
Job Holder Specifications:
- A Bachelor’s Degree in Accounting, Finance, Commerce, Economics, IT or a related field.
- A professional qualification in information systems audit, such as Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), or Certified Internal Auditor (CIA), is an added advantage.