Global Information Systems Auditor

FINCA Impact Finance (FIF) believes in the power of Inclusive Finance.

FINCA Impact Finance is a global leader of responsible financial services. We are comprised of 17 full-service banks and microfinance institutions and a holding/shared service company and we serve more than 2.8 million customers with an array of fintech and traditional products and services. We are a double bottom line company that delivers positive social impact and financial sustainability.

We are 9,000 dedicated colleagues who are passionate that financial services can have a positive impact. Most of us live in the communities we serve, and all of us are guided by our values of warmth, trust, and responsible banking.

We welcome candidates with diverse backgrounds and consider people at all career stages. We seek individuals with whom we can build strong and lasting relationships - people who care about and have respect for customers. We look for colleagues who approach their work with joy, innovation, energy, and a sense of service beyond self.

Role Purpose

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Information Systems (IS) Auditor helps organizations by analyzing and assessing a company's technological infrastructure to ensure processes and systems run accurately and efficiently, while remaining secure and meeting compliance regulations.

We are looking to hire an IS Auditor with an analytical mind and expertise in IT systems, applications, and infrastructure. The IS Auditor is expected to have outstanding problem-solving skills, meticulous attention to detail, excellent understanding of technology and cybersecurity, and the ability to work independently.

The IS Auditor is responsible for planning, coordinating, conducting, and reporting on IT audits of networks, applications, security, systems development, and processes. He/she must collect and evaluate data on the organization's systems, practices, and operations, as well as conduct fieldwork, evaluate the IT controls' design and operational effectiveness, and identify problems for solutions.

Accountabilities

• Develop, implement, test, and evaluate IT audit review procedures;
• Examine IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies;
• Participate in the development of the annual IT audit plan;
• Perform IT audit reviews using the established auditing standards;
• Develop IT Audit programs for each assignment;
• Conduct efficient and effective IT audit procedures;
• Provide recommendations and guidance on identified security and IT risks;
• Communicate complex technical issues in simplified terms to the relevant staff;
• Develop a strong understanding of business processes;
• Prepare audit reports and working papers to ensure that adequate documentation exists to support the completed audit and conclusions;
• Prepare and present written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to management;
• Follow up on audit findings to ensure that management has taken corrective actions;
• Provide consulting services and assistance in technology-related projects and in the IT risk management process;
• Coordinate and interact with external IT auditors and regulators;
• Keep knowledge up to date with respect to relevant modern IT audit, IT risk management, IT controls, technology, cybersecurity, and IT systems;

Qualifications

• Master's degree in Computer Science, Information Technology, Information Systems, or related field;
• Certified Information Systems Auditor (CISA) highly desired;
• Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Security Specialist (CISSP), Certified ISO/IEC 27001 Lead Auditor, internal auditing or forensic certification a plus;

Experience

• 5 years of full-time experience as an IS/IT auditor;
• IS audit experience in microcredit industry, financial services, commercial banks, audit companies, or central banks is a plus;
• Multicultural and remote audit experience is a plus;

Knowledge and Skills

• Extensive knowledge of and skill in applying ISACA IT Audit and Assurance Standards, Guidelines, and Tools and Techniques, Code of Professional Ethics, and other applicable standards;
• Knowledge of and skill in applying the following international standards and frameworks: COBIT, ISO 27001, NIST Cybersecurity Framework, ITIL, OWASP Top 10, CIS Critical Security Controls;
• Knowledge of current technological developments/trends;
• Understanding of Banking Systems, IT Infrastructures, Network, Database, Cloud (AWS, Azure), Office 365, Endpoint Security, Active Directory, Firewalls, VPN, Data Loss Prevention, IDS/IPS, SIEM, and Web-Proxy;
• Ability to independently conduct IT audits of IT infrastructure, network, various business applications, databases, IT operations, IT projects, key IT processes, and security procedures and standards;
• Ability to review system backup, disaster recovery, and maintenance procedures;
• Ability to gather data, compile information, and prepare reports;
• Basic knowledge of project management, software development methodologies, programming, and SDLC;
• Knowledge of risk management and control techniques;
• Considerable skill in effective verbal and written communications, including active listening skills, negotiation skills, and the skill of presenting issues at the root cause level and recommendations for improvement. Ability to establish and maintain harmonious working relationships with co-workers, staff, management, and external contacts, and work effectively in a professional team environment;
• Problem identification and solution skills by core, conceptual, and analytical thinking;

Language Skills

• Fluency in English is required;
• Fluency in other FINCA working languages, such as Spanish, French, or Russian is a plus.

Ability to travel up to 30% of the time.
It is desirable to have either dual citizenship of Pakistan and the USA or to hold a current US visa due to extensive traveling.