The Nigerian Stock Exchange services the largest economy in Africa, and is championing the development of Africa’s financial markets.
The Exchange offers listing and trading services, licensing services, market data solutions, ancillary technology services, and more. It is an open, professional and vibrant exchange, connecting Nigeria, Africa and the world.
JOB TITLE: IT Auditor
This jobholder has the responsibility of reviewing and evaluating (wholly or partly) the NSE automated information processing systems, related non-automated processes and the interfaces between them in order to determine the risks that are relevant to information assets, and assessing and evaluating controls in order to reduce or mitigate these risks. She/he is also expected to evaluate the reliability of data from IT systems which have an impact on the financial statement. She/he is to ascertain the level of compliance with applicable laws, policies and standards in relation to IT as well as check if there are instances of extravagance, inefficiencies and wastage in the use and management of IT systems.
Review of System Access Controls
- Review and ensure that access control strategy aligns with the corporate identity policy and the IT architecture of NSE;
- Review and ensure that a unique identity is used to initiate a transaction and ensure that user is currently authorized to perform such action;
- Violation monitoring: ensuring that access violations are identified. e.g. resigned staff accounts still active on NSE applications
Reviews of Change Management
- Ensure 100% compliance to change management procedures to handle in a standardized manner all requests (including maintenance and patches) for changes to applications, procedures, processes, system and service parameters, and the underlying platforms;
- Assess the control risk associated with change request of changes within IT infrastructure and Applications
Post-Implementation Reviews of IT Projects
- Reviews to identify risks introduced during the vendor selection, pre-implementation and golive due to system adaptation for NSE’s Users and processes;
- Review and ensure that key controls were embedded through the application acquisition lifecycle and go-live of various applications and processes
Business Continuity Reviews
- Review to ensure continuous operations of business applications (X-stream, Sage etc.) in the event of fires, terrorist attacks, extended power failures, equipment and telecommunications failures;
- Review appropriately identified risks focusing on NSE processes and known potential risks that affect continuity of IT operations and services;
- Ensure that costs of implementing and managing continuity assurance are less than the expected losses and within management’s risk tolerance
Revenue Assurance Audit
- Review of the various income heads in the books of the NSE;
- Ensure that income streams protected from income leakages due to wrong configuration or manual process for collection of incomes
Continuous Auditing of IT Related activities
- Ensure that the following activities carried out by IT are reviewed
- Reviews of IT implementation and ensure that the meet the needs of users
- Ensure that the disaster recovery processes in the NSE, would available and sufficient enough to withstand major disruptions to our information systems
- Continuous auditing of x-stream and ensure that data from the application are accurate
Audit of IT Governance
- NSE’s IT senior management team is engaged in aligning IT strategic plans with current and future business needs
- NSE’s IT performance monitoring and evaluation process reviews: definition of relevant performance indicators, systematic and timely reporting, and timely action upon discovery of deviations
Review and ensure that identification and allocation of IT costs are understood by the senior management to enable NSE make informed decisions regarding the use of IT services
- Server Operating Systems Review
- Ensure Data Centre Best Practices
- Ensure adherence to Disaster Recovery / Business Continuity principles,
- Ensure Penetration Testing
- Network Operating Systems Review
- Software Development Life Cycles
- Review of Technology Governance and Operations
- Information Security Reviews.
Review IT Policies & Procedures Review and generate Gap analysis Report
- Ensure proper monitoring of IT Operations (Backup & Recovery, Job scheduling, Problem and Incident Management)
- Maintaining work papers
- Evaluate the sufficiency and appropriateness of audit evidence to support conclusions drawn.
- Prepare the audit report and presenting it to the head Internal Audit Department
- Monitor compliance with reporting requirements.
Follow up and report on implementation of internal and external audit recommendations.
Performing other duties as assigned to him/her by the Head Internal Audit
DESIRED COMPETENCY AND SKILLS REQUIREMENTS:
- Thorough knowledge of Various Standards and Frameworks which include: ISACA framework • COBIT •COSO •SOX •ICFR •BASEL 1 & II Etc.
- Experience in IT Audit
- Proven track record of performance against deliverables
- Experience in financial sector is highly desirable
- Change management experience.
- Extensive knowledge of internal control principles, audit practises and compliance in an IT related Field.
- Must be able to build strong partnership with MOT and other staff, communicate with a wide variety of audience in a clear understandable language.
- Personal Integrity
- Ability to work under pressure with strict deadlines
- Ability to recognise and respond to diverse thinking styles and learning styles
- Strategically aware of the business environment, with a global mind-set
- Firm in decision making and persuasive.
- Dynamic, service oriented and Committed to results
- Problem solver and ready to develop and train others
- Natural inquisitiveness, Highly motivated, energetic and enthusiastic
- A Bachelor’s degree in accounting, Economics, Information technology or a similar field
- CISA (Certified Information Systems Audit), ICAN, ACCA added advantage.
Interested and qualified candidates should send their CVs to [email protected]