IT System Auditor – Consultant At Strategic Initiative for Women in the Horn of Africa

Position Title: IT System Auditor – Consultant

Location: Kampala, Uganda

Duration of assignment: 03 months

Start date: As soon as possible

Reports to: Compliance Officer

About us: Read more about SIHA’s story and work at https://sihanet.org/

Background of Assignment:

Following the move to MS365 in October 2022, the organization customized workflows to create a system in October 2023 that ensures continuity and sustainability of the organization’s processes. Although the system has been adopted in the day-to-day operations of the organization, an audit is needed to verify that the processes are serving the purposes they were created for. SIHA is currently seeking the services of a system auditor to evaluate the efficiency and security measures of MS365 to ensure the protection and integrity of the organization’s data. The consultant will be expected to review various aspects such as network security, access control, the disaster recovery plan and workflow efficiencies, and to offer recommendations to address any vulnerabilities, weaknesses and compliance issues found.

Objectives:

The main objectives of this assignment are:

  • To ascertain the network security and recommend access control measures across departments
  • To conduct a full review of the existing MS365 system that SIHA has adopted in its business processes
  • To provide recommendations that will guide how to improve the system in the day-to-day business processes of the organization.

Methodology:

The consultant should adopt the methodology below during the execution of the assignment:

  1. Planning: To define the scope of the audit, identify the key risks and objectives, and develop a detailed audit plan. The consultant should also identify the key stakeholders and establish communication channels to ensure that everyone is informed of the audit’s progress.
  2. Risk Assessment: To identify and analyze the risks associated with the IT environment being audited, considering factors such as the organization’s IT policies and procedures, data security, firewall and compliance.
  3. Testing: To gather evidence to assess the effectiveness of the IT controls in place. This may involve various techniques, such as reviewing documentation, interviewing personnel, and performing technical tests.
  4. Analysis: To review the evidence gathered during the testing phase and compare it to the audit objectives and criteria. The consultant should identify any gaps or weaknesses in the IT controls and assess the overall effectiveness of the system.
  5. Reporting: To document the findings of the audit and make recommendations for improvement. The report should be clear and concise, and provide actionable recommendations that can be used to improve the system and make it hack-proof.
  6. Follow-up: To monitor the implementation of the recommendations and assess the effectiveness of the changes made. This ensures that the system remains secure and compliant with relevant regulations and standards.

Tasks:

Under the supervision of the Compliance Officer and the Operations Coordinator, the Consultant will carry out the following functions and produce results:

  • Gain an understanding of the broad design, architecture, and key controls of the MS365 system at SIHA and create a summary analysis of these and of the gaps.
  • Assess the security aspects of the system, identify the gaps and come up with recommendations.
  • Assess the extent to which the existing system is addressing the gaps in the business processes with effectiveness and efficiency.
  • Hold one-on-one sessions with users to understand the ease of use and adoption of the system interface.
  • Carry out a risk assessment and provide recommendations with mitigation measures and strategies.

Deliverables:
A report detailing the findings from the exercise and recommendations for improvement.

Competencies:

  • Strong interpersonal skills, communication and diplomatic skills, ability to work in a team.
  • Openness to change and ability to receive/integrate feedback.
  • Strong analytical, reporting, and writing abilities.
  • Excellent public speaking and presentation skills

Required Qualifications and experience:

  • Advanced University Degree (Masters) in IT, accounting, finance or related fields, or first level degree in combination with a professional certification, i.e., Chartered Accountant, Certified Public Accountant or Certified Chartered Accountant
  • Professional certification of CISA (Certified Information Systems Auditor) is a must
  • Additional professional certifications (CIA, CFE) are desirable
  • Additional professional certifications in information technology are desirable.
  • At least 5 years of practical experience in IT audit, preferably in not-for-profit sector.
  • Expert level knowledge and practical experience in auditing IT governance, security, risk management and management of IT projects.
  • Knowledge in PeopleSoft applications is a plus.
  • Language skills: Excellent writing, editing and oral communication skills in English

How to apply

Interested Candidates are asked to provide their current profile / resume and Cover Letter, expressing their motivation in applying and relevant experience/expertise for this assignment through the link https://airtable.com/appHNyMhgTH7cHVt3/shr2IG2N1oA6cTjGV by 14th June 2024, 11:59pm (EAT). Shortlisting will be done on a rolling basis.

Due to the anticipated volume of applications, please note that SIHA will contact only shortlisted candidates. We thank you for your interest in working with SIHA!

SIHA will not discriminate against any applicant in a manner that violates SIHA’s values or the law. SIHA is committed to providing an equal opportunity for all applicants without regard to race, sex, gender, ethnic origin, age, color, marital status, home responsibility, natal status, different abilities, health, HIV status, culture, beliefs, and social background. SIHA has zero tolerance for sexual exploitation and abuse (SEA) for all employees and related/associated personnel and ensures that roles, responsibilities, and expected standards of conduct in relation to SEA are known within the organization.
