IT Control Officer - SIPML at Stanbic IBTC

Job ID: 33656
Location: Lagos Island
Job Sector: Banking

Job Purpose

• This is an internal function which will drive the framework, oversight and monitoring of the controls environment in SIPML.
• Work as an internal consultant to IT Department, to manage the Company’s assets through effective IT risk management and control systems with an ultimate aim to mitigate risk in transactions and the IT underlying processes
• Mitigate operational risk through a number of controls and monitoring processes.
• Manage relationship with stakeholders such as Internal Audit, Compliance, Operational Risk, IT, Business Management, amongst other Business Units within the Company.
• Develop relationships in order to maintain / establish efficient and robust operating models across all IT Department.
• Expected to build a strong IT control environment to ensure zero level of policy, procedures and regulatory infractions and zero tolerance for control gaps,  reviewed / unauthorized transactions and income leakages

Key Responsibilities/Accountabilities
Manage Risk and Control Management over IT operations’ effectiveness:

• To support the Business and strengthen the IT control environment by introducing new initiatives toward achieving an effective IT control system within the Company.
• Perform analysis on IT procedures/processes by reviewing the departmental working manual to identify process gaps and provide value adding recommendations.
• Carry out periodic reviews of users & super user/administrator activity logs on the core applications and Active Directory (AD)
• Perform review of the change management logs, test reports and attending change management meetings
• Manage Logical Access on the company’s applications. This includes creation of users’ account, role modification, disabling of users’ account and password reset.
• Perform servers, database and operating system reviews.
• Perform periodic restoration and verification of application backup tapes to ascertain the authenticity & integrity of the selected tape and data.
• Perform periodic review and monitoring of endpoint security (antivirus, data leakage prevention, etc.)
• Conduct periodic review of the Data Centre biometrics access logs to ascertain that only authorized users gained access to the Data Centre and periodic inspection of the Data Centre to ensure that the facility and equipment are properly used and maintained in line

Monitor continuous knowledge development regarding sector’s rules, regulations, best practices, tools, techniques and performance standards:

• Process documentation , review & alignment
• Continuous review and improvement of work processes within the unit.
• Resolution of IT audit issues
• Prompt rendition of weekly reports with minimal error
• Improved IT control environment through continuous and high level engagement
• Satisfactory rating in the Audit reviews and Internal Service Survey (ISS).
• Ensure quality and improvement in Business Unit audit and risk assurance reports.

Report to Executive Management & Board Audit Committee:

• Conduct follow up audits to monitor management’s interventions
• Maintain open communication with management and audit committee
• Obtain, analyze and evaluate IT documentations, previous reports, data, flowcharts etc

Manage all Investigations as directed by Senior Management:

• Ensure that the company’s core values are adhered.
• Provide guidance on acceptable business culture and reputation

Delivers on all business strategies:

• Carries out proper engagements for fact finding
• Creates awareness on risks and conducts
• Recommends appropriate consequence management actions

Relationships
Process Owners - Heads of Departments and BUs:

• Description or examples:Maintain close contact with all internal stakeholders within the Wealth sectors and GIC

Group - BU heads in Stanbic IBTC Pensions and GIA:

• Influence their service delivery
• Description or examples:Approval and contribution to Policies

Regulator:

• Influence their decision making
• Description or examples: Contributes to industry initiatives like training

Customers:

• Manage the relationship
• Description or examples: Gets customers for the business and assists in managing some and difficult situations

Preferred Qualification and Experience

• First Degree Field of Study – Computer Science/Engineering
• Other qualifications -Certifications or professional memberships CISA/CRISC/CISM
• Advanced /Professional Degree or Professional Qualification in IT Audit/Control is required.

Experience

• Independent Assurance - Internal Audit and Controls
• Minimum of 2 years IT Governance experience
• Information Technology - Internal Audit and Controls
• Minimum of 2 years experience
• Risk Management,Business Support
• Understand IT operations and improve overall experience

Knowledge/Technical Skills/Expertise
Audit Process:

• The ability to develop control improvements required to mitigate the risks or control failures identified during internal audit reviews.

Control Evaluation:

• Knowledge of standards required in managerial and financial auditing, to identify exceptions to control procedures and standards, and develop specific solutions or recommendations.

Investigative Auditing:

• The ability to conduct investigations and gather evidence where cases of fraud (internal or external) are reported or suspected.

Risk Management:

• The ability to interpret regulations and laws that apply to the business and to provide information to business on how to comply