Reports to Head of Internal Audit, Risk & Compliance
2.0 SERVICE DESCRIPTION
2.1 Main Purpose of the Section with Reference to this Position
The Internal Audit, Risk and Compliance Department is responsible for planning, executing and reporting on operational, financial, governance and compliance-related audits/reviews of the Hospital and its associated operations. A secondary role is to provide advice on internal controls to the management and Board of Trustees of the Hospital, including responding to activities on risk management and compliance techniques.
2.0 Main Purpose of this Position
Working as a trusted, independent advisor with management, the Information Systems Auditor should know how to apply risk and control concepts to scenarios encountered, while identifying potential issues. As part of the Hospital’s Internal Audit, Risk & Compliance Department, s/he is responsible for performing and completing internal audits, in line with the annual internal audit plan. This responsibility includes performing internal audit procedures and preparing internal audit reports reflecting the results of the work performed.
2.1 Key Responsibilities of the Position
2.1.1 Provide audit services in accordance with IT audit standards to assist the organization with protecting and controlling information systems.
2.1.2 Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization’s strategy.
2.1.3 Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategy and objectives.
2.1.4 Provide assurance that the processes for information systems operations, maintenance and service management meet the organization’s strategy and objectives.
2.1.5 Provide assurance that the organization’s security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.
2.1.6 Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.
2.1.7 Identify opportunities for process improvement in IT policies and practices.
2.1.8 Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.
2.1.9 Maintain professional and technical knowledge by attending educational workshops
3 STAFF QUALIFICATION AND COMPETENCIES
3.1 Education and Professional Training
3.1.1 Bachelor’s degree in BBIT, Computer Science, IT OR Accounting, Finance or a related field
3.2.1 Full or Part Certification as a Certified Information Systems Auditor (CISA) or other relevant IT Certification such as a Certified Network Engineer or Certified Security Professional
3.3.1 Analytical and critical thinking;
3.3.2 Communication skills;
3.3.3 Data mining and analytics
3.4 Knowledge & Experience
3.4.1 3-5 years’ working experience, which should be in an auditing and/or risk management and compliance assurance role;
3.4.2 Technical Knowledge of Enterprise Resource Planning (ERP), Networking (Routing & Switching), Relational Databases, Programming, Web Application Development & Cloud Technologies
3.4.3 Experience with Computer Aided Auditing Tools (IDEA CaseWare, Audit Command Language, TeamMate, etc.)
3.4.4 Experience in Information Systems Advisory Services
3.4.5 Knowledge of COSO Enterprise Risk Management Framework
3.4.6 Knowledge of COBIT, NIST, CMM
4 PRACTICE PRIVILEGES
The role holder is privileged to carry out the following:
4.1 Access all data, records, information and documentation for audit, risk assessment and compliance review purposes