Information Systems Auditor at Venture Garden Nigeria (VGN)

Location: Ikeja, Lagos

Job Description

• We are currently sourcing for an Information Systems Auditor who will plan, oversee and audit the information security systems used by Venture Garden Group.
• Once completed, the security auditor will provide the audit committee with a detailed report of our information systems, outline whether the system runs efficiently or effectively, and help the company make changes where necessary to improve the integrity of our system.

Principal Responsibilities and Accountabilities

• Execute a risk-based IS audit strategy in compliance with IS audit standards to ensure that key risk areas are audited.
• Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization.
• Conduct audits in accordance with IS audit standards to achieve planned audit objectives.
• Communicate audit results and make recommendations to key stakeholders through meetings and audit reports to promote change when necessary.
• Conduct audit follow-ups to determine whether appropriate actions have been taken by management in a timely manner.
• Evaluate the IT strategy, including IT direction, and the processes for the strategy’s development, approval, implementation, and maintenance for alignment with the organization’s strategies and objectives.
• Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization’s strategies and objectives.
• Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization’s strategies and objectives.
• Evaluate the organization’s IT policies, standards and procedures, and the processes for their development, approval, release/publishing, implementation and maintenance to determine whether they support the IT strategy and comply with regulatory and legal requirements.
• Evaluate risk management practices to determine whether the organization’s IT-related risk is identified, assessed, monitored, reported and managed.
• Evaluate monitoring and reporting of IT key performance indicators (KPIs) to determine whether management receives sufficient and timely information.
• Evaluate the organization’s business continuity plan (BCP), including alignment of the IT disaster recovery plan (DRP) with the BCP, to determine the organization’s ability to continue essential business operations during the period of an IT disruption.
• Evaluate the information security and privacy policies, standards and procedures for completeness, alignment with generally accepted practices and compliance with applicable external requirements.
• Evaluate the design, implementation, maintenance, monitoring, and reporting of physical and environmental controls to determine whether information assets are adequately safeguarded.
• Evaluate the design, implementation, maintenance, monitoring and reporting of system and logical security controls to verify the confidentiality, integrity, and availability of information.
• Evaluate the processes and procedures used to store, retrieve, transport and dispose of assets to determine whether information assets are adequately safeguarded.
• Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.

Requirements

• Certified Information Systems Auditor (CISA), and Certified Information Security Manager (CISM) certifications/experience.
• A minimum of 5 years’ experience as an IT Auditor preferred from a financial institution.
• A Bachelor's degree in computer science, Engineering, Physics or related fields.

Job Competencies and Capabilities
Essential Competencies:

• The Process of Auditing Information Systems - Provide audit services in accordance with IS audit standards to assist the organization in protecting and controlling information systems.
• Governance and Management of IT - Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization's strategy.
• Information Systems Acquisition, Development, and Implementation - Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives.
• Information Systems Operations, Maintenance and Service Management - Provide assurance that the processes for information systems operations, maintenance, and service management meet the organization’s strategies and objectives.
• Protection of Information Assets - Provide assurance that the organization’s policies, standards, procedures and, controls ensure the confidentiality, integrity, and availability of information assets.

Experience and Knowledge:

• Knowledge of IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics and other applicable standards.   Knowledge of the risk assessment concepts and tools and techniques used in planning, examination, reporting and follow-up.
• Knowledge of fundamental business processes (e.g., purchasing, payroll, accounts payable, accounts receivable) and the role of IS in these processes,
• Knowledge of the control principles related to controls in information systems.
• Knowledge of risk-based audit planning and audit project management techniques, including follow-up.
• Knowledge of the applicable laws and regulations that affect the scope, evidence collection and preservation, and frequency of audits.
• Knowledge of the risk and controls associated with data leakage
• Knowledge of the security risk and controls related to end-user computing
• Knowledge of methods for implementing a security awareness program
• Knowledge of information system attack methods and techniques
• Knowledge of prevention and detection tools and control techniques
• Knowledge of security testing techniques (e.g., penetration testing, vulnerability scanning)
• Knowledge of the processes related to monitoring and responding to security incidents (e.g., escalation procedures, emergency incident response team)
• Knowledge of the processes followed in forensics investigation and procedures in collection and preservation of the data and evidence (i.e., chain of custody).
• Knowledge of the fraud risk factors related to the protection of information assets

Working conditions:

• Flexibility is important.

Remuneration
Competitive based on experience.