REF: TNH/HHR/ISA/05/2023

The overall purpose of this role is to independently and objectively assure the hospital’s information system confidentiality, integrity, and availability.

Duties & Responsibilities

• Report in the line of duty to the Internal Audit Manager.
• Participate in the preparation of the annual audit plan in line with key risk areas and strategic priorities of the hospital.
• Review ICT policies and procedures and work instructions for adequacy.
• Evaluate systems processes to determine efficiency, completeness, and accuracy.
• Assess the entire ICT environment from application systems and business protocols to determine whether business objectives are being attained in a secure environment.
• Review the Hospital’s hardware and software to ensure acquisition deployment and disposal processes are in line with best practices.
• Assure security for the entire ICT environment within the Hospital including infrastructure.
• Review information system application servers, backups, IT infrastructure, and network to ensure compliance with policy and best practices.
• Monitor and report on the utility of computer facilities within the hospital for continuous checks and develop reports on findings.
• Test computer general controls within the Hospital to ensure confidentiality and access management are well managed.
• Carry out routine and special audit assignments as requested from time to time and develop reports on findings and recommendations that inform action points.
• Prepare audit reports for review and subsequent presentation to senior management and the Board of Management.
• Conduct integrated audits in collaboration with the operational auditors to ensure the internal environment takes into account the ICT aspect.
• Carry out audit follow-ups for assignments carried out every quarter based on audit report recommendations and develop reports on implementation status and verify.
• Keep abreast on the latest technology and trends to provide input to mitigate emerging threats to the Hospital; and
• Any other responsibilities that may be assigned to the job holder by the supervisor from time to time.

Qualifications

• Bachelor’s degree in information systems, Computer Science, Information Technology, or any other ICT-related field from a recognized Institution.
• Certified Information Systems Auditor (CISA).
• Certified Internal Auditor (CIA)
• Certified Fraud Examiner (CFE)
• Must be up to date with ISACA.
• Member in good standing of ISACA/IIA/ACFE
• Minimum of 5 years relevant experience