Glory Ninsiima, CISA, CompTIA Security+, ISO 27005, ISO 31000, ITIL Foundation, PRINCE2 Foundation
Is a certified risk manager and IT auditor with eight years of experience in information systems management and IT auditing, mainly in the banking industry. Currently, she is a senior IT auditor with the central Bank of Uganda where she participated in the implementation of IT systems that facilitated the transition from manual processing to automation of all government and nongovernment payments processed by the Central Bank of Uganda. Ninsiima serves as secretary of the ISACA Kampala (Uganda) Chapter and also as the representative of the African region on ISACA’s International Chapter Liaison Working Group. She is also a member of the Institute of Internal Auditors.
What is the biggest security challenge that will be faced in 2019? How should it be addressed?
Data leakage will continue to be the biggest security challenge faced as digitalization increases every day.
What are your three goals for 2019?
What is your favorite blog?
ISACA’s Nexus, Bright Talk and Gartner. I also enjoy health-related blogs.
What is on your desk right now?
The organization I work for enforces a clear desk policy, so currently there is a cup of warm water, a glass of passionfruit juice, a notebook to keep track of today’s assignments and a desktop computer on which I am typing this.
Who are you following on Twitter?
I mostly follow cyber-related tweets and ISACA international news.
How has social media impacted you professionally?
Social media has helped increase my professional network and keep abreast of the latest news in technology.
What is your number-one piece of advice for other IT audit professionals, especially women?
Be bold. Do not wait for the perfect moment; that moment is now. Use the resources at your disposal to get to the next level.
What do you do when you are not at work?
I enjoy reading inspirational stories, fine dining and spending time with family and friends.
How do you think the role of IT auditor is changing or has changed?
In the past, the role of the IT auditor was to assess the technical environment and report on the control weaknesses. Today, the IT auditor is taking on an advisory role to management on IT-related issues. The IT auditor needs to be able to translate technical information into operations language that the business can understand and from which it can derive value. Management needs assurance that it is deriving value from IT investments, that the suggestions being made by the IT department are strategically driven and will deliver as promised and that the security posture of the organization is strong. It is the role of the IT auditor to review the governance of IT, IT risk and investment, and give feedback to management in the form of recommendations.
The IT auditor needs to look forward internally and externally and identify issues that could affect business performance, assess the control environment against these and advise management on the best way to avert future risk. Technology changes at a rapid pace and IT auditors needs to adapt and think innovatively about how the organization can improve its control environment to guard against evolving threats. As the world moves toward artificial intelligence (AI), the role of the IT auditor leans into data analysis and forensics. The IT auditor also must evaluate risk from the perspective of achieving the organization’s strategic objectives.
What leadership skills do you feel are critical to be successful in the technology fields?
Patience and the ability to explain and elaborate the value of what practitioners are delivering, especially to a nontech-savvy audience. Soft skills go beyond any knowledge that one may have. Practitioners must also be competent and firm without being excessively aggressive, as this may overshadow or distract from a well-intentioned message.
What is the best way for someone to develop those skills?
Develop and harness emotional intelligence. Take up opportunities to lead that are not work related to help prepare for leadership roles. Get a mentor and request feedback from trusted colleagues. One should know their strengths and capitalize on them, for there lies one’s ability to shine. Being competitive and comparing oneself with others only breeds frustration. Know what you are good at and do it. The rest falls in place.
What advice do you have for IT audit professionals as they plan their career paths and look at the future of IT auditing?
It is important to network. Use social media to advance your career and put yourself out there. Facebook, Twitter and LinkedIn are great places to learn more about what is going on in the technology field, get to know the buzz in the profession, understand the latest trends and learn how other professionals are conducting themselves.
Great communicators capture an audience and easily get buy in from board members and management. Polish your communication and interpersonal skills for these go beyond technical knowledge.
Find a mentor or make friends with someone you admire in the field and seek their guidance by asking them specific questions about their experience and advice.
What do you think are the most effective ways to address the lack of women in the technology workspace?
The number of women who pursue computer science at the university level is typically lower than males and it drops as the students conclude university and choose career paths. This is not helped by the fact that there is a decline in the number of women pursuing science or computer-related courses. These facts make it difficult to have women role models in this industry.
Programs such as ISACA’s SheLeadsTech are a great way to increase the representation of women in technology and encourage taking up leadership roles in this field. They give a sense of identity and security to the women in the field, they provide an opportunity to share challenges and inspire women to take up leadership roles and be good at them in a male-dominated field. Such programs also encourage women who have been in the field to stay longer. Support and encouragement from women who have made it in this field gives witness to those starting out that it is possible to join this profession and make it; this reduces the attrition rate of women from the profession. As women, we need to rise up and boldly take on challenges that give us visibility. We must have a mind-set that believes we can. Mentorship programs are also great channels to increase the number of women in technology.
Earning certifications that will make one recognized at the international level goes a long way and gives one a competitive advantage to climb the career ladder. Also, organizations should consider having favorable maternity leave policies and gender balance recruitment programs as part of their organizational culture.
Women need to promote themselves and female colleagues in their work environments. Correcting the gender imbalance in the technology field is not an issue that will be solved overnight. It is a work in progress that calls for the input of organizations, women in the field, those intending to join, those exiting and the technology industry at large.
What has been your biggest workplace or career challenge and how did you face it?
When I joined the audit profession, I soon found out that internal auditors are the least favorite people in an organization. I had to develop thick skin and realize that the work I do as an IS auditor adds value to the business, improves operations and helps the business see the value of a stronger control environment through implementation of recommended changes. All of that proved encouraging. As the years have progressed, I have found it to be a rewarding profession because one gets to know enterprise operations in its entirety and, therefore, has an edge over the rest in managing operations or during an interview. An auditor can easily work in any field they have audited.