Ecobank Ghana PLC (Ecobank) was incorporated on January 9, 1989 as a private limited liability company under the Companies Code to engage in the business of banking. Ecobank was initially licensed, to operate as a merchant bank, by the Bank of Ghana on November 10, 1989 and commenced business on February 19, 1990.
In Ghana, Ecobank has grown consistently over the years to become one of the well- recognized corporate brands in the banking industry. Ecobank acquired a universal banking license in 2003 and was listed on the Ghana Stock Exchange (GSE) in July 2006.
The Bank has embarked on a strategic shift from a predominantly Wholesale Bank to a Universal Bank with 67 branches, numerous point-of-sale terminals, several merchant QR codes in shops, with over 200 ATMs well sited around the country.
POSITION: Internal Auditor, Cyber & Information Security
About the job
- Carry out audits and reviews of the Cyber & Information Security of the institution
- Carry out other duties that may be assigned (ARRs, follow-ups etc.)
- Independent assessment of the effectiveness of Information Systems risk management process and practices
Information Systems Audit Objectives
- Cyber & Information Security Risk reviews.
- Provide assurance to the Management on key risks and their management.
JOB PRINCIPAL ACCOUNTABILITIES
INFORMATION SYSTEMS AUDITOR
- Carry out the periodic audit of information systems hosted by the institution and Group operations & Technology done in line with the approved Audit plan.
- Performing research and analysis of Group’s IT systems, cybersecurity posture, capital IT programs, IT contract compliance, and security programs, including personnel structure, architecture, policies and procedures, incident handling, awareness training, disaster recovery and business continuity.
- Preparing and examining technical assessment findings and providing general assistance to the audit staff; assisting in the development of IT and cybersecurity audit plans and programs
- Performing audit procedures and tests necessary to meet audit objectives in compliance with Group Auditing Standards including Information Technology and Security standards; preparing audit work papers, memos, letters and drafting audit report findings and recommendations.
- Assisting in the development, updating, revising, and improving of IT and Security audit procedures and programs and assisting in creating highly technical audit programs in line with international standards and new technology developments within the Group.
- Performing other related work or special studies as may be required
- Performing other related work or special studies as may be required.
- Assess the risk and security exposures associated with all software applications and databases used for the facilitation of banking services to the bank’s customers across all affiliates.
- Assess risk associated with the strategic planning and management of the activities of the information technology platforms in Accra and Lagos.
- Assess risks associated with Information Security, IT Security, business continuity and disaster recovery planning
- Assess risks associated with data security, portable devices, windows office applications and domain controller
- Monitor and escalate key risk issues
- Carry out ad-hoc reviews
- Perform periodic IS Risk Assessments and maintain a technology risk map for institution and Group Operations & Technology
- Review and evaluate new technology products / services and associated risks.
- Independent participation in the review and evaluation of projects related to various information systems. networks, communications and infrastructure
- Special Assignments and reviews.
- Perform other tasks that may be assigned by the Head of Audit and eProcess Internal Audit Manager.
AUDIT RISK REVIEWS:
- Conduct audit risk review of critical platforms and the institution’s operations and issue report on findings
- Test to see if controls are working as they should
- Assist to provide reasonable assurance to management that Cyber & Information Security risk identified are being managed.
AUDIT RISK REVEWS:
- Provide trend analysis on key risks in Cyber & Information Security and recommend solutions
- Interact with all levels of staff, giving feedback on risk and control issues identified during audit reviews
- Provide advisory services to Functional Heads on risk and control weaknesses affecting their respective areas.
- Escalating risk and control issues and concerns to the head of audit for management attention.
- Assist in educating staff on risk the company is exposed to.
- Two (2) years IT audit or directly related experience, (i.e., information systems analysis/development or security administration.
- Demonstrated experience with IT audits, assessment of IT risks and controls, information security and cybersecurity, systems implementation and systems architecture;
- In-depth knowledge of the current cyber threat landscape;
- Knowledge of Cyber Security Analysis, Information systems analysis, development, or security administration;
- Audit expertise in Unix/Linix, Windows, distributed databases, web technologies, enterprise architecture, virtualization and technology infrastructure;
- Microsoft Networking including Active Directory;
- Intermediate level analytical and data analysis skills (e.g. SQL, ACL, or similar tools);
- Understanding of Java and scripting languages (e.g. PERL, Python, PHP, JScript, VBScript, Unix Shell);
- Experience with NIST, PCI-DSS, ITIL, ISO 27001 and 27002, COSO principles or other information security frameworks;
- Knowledge of COBIT control standards, evaluation of internal control environments, diverse computing environment and architecture, including Unix, mainframe, client-server, network, and personal computers.
- Familiar with disaster recovery planning; application and system development life cycles; physical and operational security controls; automated assessment tools and reporting; security management, best practices.
- Proficient in CAAT applications using ACL, SQL, MS Access or MS Excel or other similar tools.
- Strong human relations, analytical, and oral and written communication skills.
- Record of seeking self-improvement through education, certification, training, and staying abreast of current and emerging technologies; and, Knowledge of global banking systems, and system of controls within the banking environment.
- University degree in Computer Engineering and Information Technology or related fields
- Equivalent professional qualification in Information Systems Security and/or Audit
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Cisco Certify Network Associate (CCNA)
- Cisco Certified Network Professional (CCNP) +
- CompTIA Network++
Organization, discretion, vigilance, integrity, rigor, courtesy, good communication skills, availability, ability to work without supervision.
HOW TO APPLY
All qualified candidates should send their resumes/CVs to [email protected]
DEADLINE: The deadline for this application is Friday February 18th 2022.
JOBS TO APPLY
- Job Vacancy At The International Potato Center
- AECI Limited Calls For Job Applications
- Latest Job Opportunity At Pezesha
UNDER NO CIRCUMSTANCE SHOULD AN APPLICANT PAY MONEY TO ANYONE IN GETTING A JOB WE HAVE PUBLISHED