|Date Posted:||Oct 26, 2019|
|Closing Date:||Nov 26, 2019|
|Work Type:||Full Time|
|Number of Vacancies:||1|
|Functional Area:||Computer Science,Information Technology|
|Salary Range:||As per company salary scaleAF|
|Years of Experience:||5 Years|
|Contract Duration:||Not specified|
About Roshan (TDCA):
Roshan (Telecom Development Company Afghanistan Ltd) is Afghanistanâ€™s leading telecommunications provider, with coverage in over 230 cities and towns and approximately 3.5 million active subscribers. Roshan directly employs more than 1,100 people and provides indirect employment to more than 25,000 people. Since its inception six years ago, Roshan has invested approximately $430 million in Afghanistan and is the countryâ€™s single largest investor and tax payer. Roshan is deeply committed to Afghanistanâ€™s reconstruction and socio-economic development. The Aga Khan Fund for Economic Development (AKFED), part of the Aga Khan Development Network (AKDN), is a major shareholder of Roshan and promotes private initiatives and building economically sound enterprises in the developing world. Also owned in part by Monaco Telecom International (MTI) and TeliaSonera, Roshan brings international expertise to Afghanistan and is committed to the highest standards of network quality and coverage for the people of Afghanistan.
POSITION TITLE Senior Manager Information Systems Audit
Department Internal Audit
Knowledge of IS audit procedures, including planning, techniques, test and sampling methods involved in conducting Information Systems audits.
• Strong Attention to detail and analytical skills
. • Highly motivated, flexible, adaptable and eager to learn.
• Ability to follow through audit tasks in a systemic manner to completion
. • Strong communication skills and the ability to interact with all levels of management, particularly in regard to obtaining management agreement for corrective action recommendations.
• Effective presentation skills of audit findings to senior management. •
Ability to train junior internal audit staff in developing use of effective audit techniques. IT KNOWLEDGE
• Proficient in Microsoft Office (MS Word, Excel, Power Point etc.).
• Good command of English (written and verbal), Experience in writing audit reports.
Duties & Responsibilities:
Implements a risk-based IS audit for the organization in compliance with IS audit standards, guidelines and best practices. 1.2. Plans specific audits to provide assurance that IT and business systems are protected and controlled. 1.3. Reviews IS programs developed by IS auditors to confirm coverage of key IT risks and adequacy of scope. 1.4. Implements processes/procedures to ensure compliance with IS audit standards, guidelines and best practices to meet planned audit objectives. 1.5. Oversees the execution of individual audit engagements by providing guidance and reviewing working papers to confirm adequacy of evidence to support findings and audit opinion 1.6. Provides first level review of audit reports before they are discussed with client 1.7. Communicates emerging IT related issues, potential risks, and audit results to key stakeholders. 1.8. Provides independent advice on the implementation of IS risk management and control practices within the organization. 2. IT GOVERNANCE 2.1. Takes a leading role in providing assurance on the effectiveness of IT governance structures to confirm the adequacy of board control over the decisions, directions, and performance of IT which are aimed at supporting the organization’s strategies and objectives. 2.2. Oversees the evaluation of the organization’s IT policies, standards, and procedures; and the processes for their development, approval, implementation, and maintenance to confirm alignment with business strategy and compliance with applicable regulatory and legal requirements. 2.3. Oversees and coaches IS auditors during the review of management practices aimed at ensuring compliance with the organization’s IT strategy, policies, standards and procedures. 2.4. Oversees and provides guidance to IS auditors in the review of IT contracting strategies and policies, and contract management practices to ensure that they support the organization’s strategies and objectives. 2.5. Guides IS Auditors during the evaluation of IT resource investment, use, and allocation practices to ensure alignment with the organization’s strategies and objectives. 2.6. Takes a leading role in the evaluation of IS risk management practices to ensure that the organization’s IT related risks are properly managed. 2.7. Oversees and provides guidance to IS auditors during the review of monitoring and assurance practices which are aimed at ensuring that the board and executive management receive sufficient and timely information about IT performance. 3. SYSTEM INFRASTRUCTURE AND LIFE CYCLE MANAGEMENT 3.1. Provides a leading role in the evaluation of business cases for proposed system development/acquisition to ensure that they meet the organization’s business goals. 3.2. Takes a leading role in the evaluation of project management frameworks and project governance practices which are aimed at ensuring that business objectives are achieved in a cost-effective manner while managing risks to the organization. 3.3. Supervises reviews to confirm if IT projects are progressing in accordance with project plans and confirm availability of documentation and accuracy of status reporting. 3.4. Supervises the review of proposed control mechanisms for systems and/or infrastructure during specification, development/acquisition, and testing to confirm that they will provide safeguards and comply with the organization’s policies and other requirements. 3.5. Supervises the evaluation of system and/or infrastructure readiness for implementation and migration into production. 3.6. Leads IS audit teams in the performance of post-implementation reviews of systems and/or infrastructure to confirm that they meet the organization’s objectives and are subject to effective internal control. 3.7. Supervises the review of processes by which systems and/or infrastructure is maintained to confirm the continued support of the organization’s objectives and if they are subject to effective internal control. 3.8. Oversees the evaluation of processes by which systems and/or infrastructure are maintained to confirm the continued support of the organization’s objectives and if they are subject to effective internal control. 3.9. Oversees the evaluation of processes by which systems and/or infrastructure are disposed of to confirm compliance with the organization’s policies and procedures. 4. IT SERVICE DELIVERY AND SUPPORT 4.1. Oversees the evaluation of service level management practices to confirm that the level of service from internal and external service providers is defined and managed. 4.2. Oversees the evaluation of operations management to confirm that IT support functions effectively meet business needs. 4.3. Oversees the evaluation of data administration practices to confirm the integrity and optimization of databases. 4.4. Oversees the evaluation of change, configuration, and release management practices to confirm that changes made to the organization’s production environment are adequately controlled and documented. 5. PROTECTION OF INFORMATION ASSETS 5.1. Oversees the evaluation of the design, implementation, and monitoring of logical access controls to confirm the confidentiality, integrity, availability and authorized use of information assets. 5.2. Oversees the evaluation of network infrastructure security to confirm confidentiality, integrity, availability and authorized use of the network and the information transmitted. 5.3. Oversees the evaluation of the design, implementation, and monitoring of environmental controls to prevent or minimize loss. 5.4. Oversees the evaluation of the design, implementation, and monitoring of physical access controls to confirm that information assets are adequately safeguarded. 5.5. Oversees the evaluation of the processes and procedures used to store, retrieve, transport, and dispose of confidential information assets. 6. FOLLOW UP REVIEWS 6.1. Manages IT Audit follow-up review to confirm resolution of issues raised during prior audits. 6.2. Prepares summary reports for Senior Management and the audit committee on the status of irresolution for IS related issues.
Job Location:Afghanistan, Kabul
A bachelor’s degree in Computer Science/Information Systems or equivalence.
• Professional certification in Information Systems auditing like CISA a must.
• Other qualifications like MBA, CA, CISM, CISSP, CIA, CFE, ACCA are an added advantage. EXPERIENCES
• A minimum of 5 years’ experience in a regulated industry or big 4 firm of which 2 years must have been at a