JD - Head - IS Control

JOB DESCRIPTION IS Control

================================================================================
A. JOB IDENTIFICATION

Job Title: Head IS Control

Unit: IS Control
================================================================================
B. ORGANISATIONAL RELATIONSHIPS

Directly Reports To: Head Internal Control Division

Directly Supervises: IS Control Unit Heads


================================================================================
C. SPECIFIC DUTIES & RESPONSIBILITIES

1. Direct the testing of information systems controls to verify effectiveness and efficiency prior to
implementation across all the bank's information system assets.
2. Supervise the identification of legal, regulatory and contractual requirements and organizational policies and
standards related to information systems to determine their potential impact on the business objectives.
3. Oversee the identification of potential threats and vulnerabilities for business processes across the bank's
information system assets and ensure adequate controls are put in place.
4. Identify and report on control adequacy, including compliance, to initiate corrective action and meet business
and regulatory requirements.
5. Oversee design and implementation of information systems controls in alignment with the organization's risk
appetite and tolerance levels to support business objectives.
6. Design information systems controls in consultation with process owners to ensure alignment with business
needs and objectives.
7. Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to
implement and operate information systems controls at an optimal level.
8. Oversee the monitoring of information systems control design and implementation process to ensure that it is
implemented effectively and within time, budget and scope.
9. Provide documentation and training to ensure information systems controls are effectively performed.
10. Establish control criteria to enable control life cycle management.
11. Monitor and maintain information systems controls to ensure they function effectively and efficiently across
all information system assets bankwide...
12. Assess and recommend tools and techniques to automate information systems control verification
processes.
13. Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that
deficiencies are appropriately considered and remediated.
14. Oversee the regular testing of the plan and update for major changes in hardware, applications, business
and regulatory requirements accordingly.
15. Oversee testing and reporting of data backup restorations in accordance with Key.
16. Participate in IT projects and initiatives to bring proactive risk management focus into solutions. Adhering to
principles & value
17. Provide oversight for all security-related issues, including risk management, security, and
technology reviews. Analyze and resolve a variety of configuration errors within the setup of the
company's IT infrastructure.
18. Oversee contract compliance reviews to ensure adherence to payment terms.
19. Direct review of various security scans for the network environment, providing identification of
vulnerabilities and ensuring resolution.
20. Monitor and support the company network while resolving issues on policy infrastructure, spoofed
IP addresses, and reported virus alerts. Perform configurations of network equipment and the
specific commands for configuration changes.
21. Ensure adherence to the implementation of Business Continuity and Disaster Recovery (BCP &
DRP) Plans for the bank's datacenter sites.
22. Oversee key exchanges between the IS Control Team and other stakeholders.
23. Review bankwide policies and procedures governing corporate security, email and Internet usage,
access control, and incident response across all IT platforms.
24. Plan and execute risk-based reviews; perform surveys of functions and activities, determine
risks for activities in scope and prepare the engagement work program. Perform engagements in a
professional manner and in accordance with approved policies and procedures.
25. Prepare exception reports to management on a monthly basis, stating discussed observations and
recommending corrective actions to improve IT processes and reduce cost.
26. Review draft review/investigation reports, expressing an opinion on the adequacy and effectiveness of
the system and the efficiency with which activities were carried out.
27. Oversee business and process controls assessments, security, networks, operating systems,
databases, change management, interface, and application development controls assessments.
28. Direct System Development Life Cycle (SDLC), disaster recovery & business continuity plans and
IT general controls reviews, and the application testing and certification exercise.
29. Evaluate and advise management on significant new and changing business operations and
control processes.
30. Oversee review of all IT infrastructure and be responsible for resolving all noted exceptions that arise
during the review engagement across Operational, Financial, Compliance, and IT areas.
31. Design, direct, and document control testing and substantive testing in accordance with the bank's
policy and procedure.
32. Oversee application controls evaluation on several in-scope applications (for example Flexcube,
Bankworld, document management system and channels) and other legacy systems.
33. Direct post-implementation reviews of all IT projects.
34. Partner with colleagues, clients and assurance teams to develop, evaluate, test and report on the
adequacy and effectiveness of the control environment.
35. Oversee and direct the revenue assurance process on all income/expense lines on a monthly basis.

================================================================================

D. SPECIFICATIONS

Minimum Education: Bachelor's degree, BSc (Computer Sc. or any Numerical), with a minimum of 7 years'
experience in Information System Control/Audit. CISA or CISSP would be an added advantage.

Formal Training:
Business Writing and Reporting skills
Team Building
Coaching and Mentoring
Interpersonal and Communication skills

Required Knowledge, Skills and Abilities:
Writing & Reporting
Expertise & Technology
Analysing
Planning & Organising
Delivering Results & Meeting Customer Expectations
Achieving Personal Work Goals and Objectives
Entrepreneurial and Commercial Thinking.
Report writing skills are required.
Must be able to summarize and communicate technical data to a non-technical audience.
