Senior IS Auditor (Network & Server Administrator) at AB Microfinance Bank

REFCODE:              NSA/Is/JAN/2019/

Job Summary:

Assessing, validating and evaluating the Institutions’ Information System processes, people and technologies; by identifying and appraising risks in the IT processes while recommending solutions to potential and actual security vulnerabilities.

Main Responsibilities:   

Performing Information Systems Audit assignments of the AccessHolding Network Banks within the approved IT Hub Annual Audit Plan to ensure compliance of the Banks’ operations with External Legislation and Regulatory Policies and adherence to the Banks’ approved organizational Policies and Procedures and to improve the effectiveness of the running of the bank and its internal control system.  This includes;

Pre-Audit Responsibilities:

• Proactive alignment with the IT audit scope and annual auditing cycles and plans.
• Preparation and review of pre audit documentation
• Perform full risk and compliance audit reviews, over controls related to effectiveness, efficiency and Security of IT operations'; using applicable standards and regulations.
• Evaluate control environment as it relates to emerging information technology trends (cloud computing, social media, BYOD, etc.)
• Evaluate information system design and implementation processes against project management and system development life cycles
• Obtain, analyze and evaluate documentation, reports, data, flowcharts etc. for IT processes such as system development, IT security management and IT operations.
• Ensure that IT Audits are performed in line with established professional and regulatory standards.
• Create and undertake IT-business audit risk assessments; develop and execute IT audits within specified implementation duration; discuss results with Management and provides guidance on control issues and concerns.

Post-Audit Responsibilities:

• Prepare and present findings to the Management and Stakeholders of the Auditee, prepare IT Audit reports and IT Audit processes & procedures.
• Adequately document and summarize findings, recommendations and action plans in an audit report; reaches consensus on findings and recommendations with IT and business management; presents reports to audit management, business management and the Audit Committee.
• Prepares and submits requested documentation and reports for external audits and regulatory examinations.
• Ensure that management responses are received in a timely fashion, and are in line with recommendations, and have a reasonable estimated completion date.

Consultation responsibilities:

• Performs follow-up consultation on resolution of key issues
• Serve as a department resource for questions and guidance on technical matters; extracts and provides data to other auditors for analysis.
• Assist Head of Internal Audit in the coordination of the Junior IS Auditors activities.
• Developing / review of working papers and draft IT report as produced by the Juniors
• Assist in the on-the-job training of junior IS Auditors. Also assist in preparing and presenting assigned material for in-house training programs.

Necessary experience, skills and knowledge

• Minimum educational qualification: B.Sc. / HND in any related discipline with cognate experience
• General IT work experience of 5yrs with 2 years minimum working experience as IT Auditor in a regulated environment, preferably a Bank or financial Institution Cisco Certified Network Professional (CCNP) or higher
• Certified Information Systems Auditor (CISA) certification or equivalent
• Certified Information Systems Security Professional (CISSP) or equivalent
• Technical Proficiency: Networking and Firewalling Security
• Advanced Knowledge in Network Architecture DMZ creation
• Advanced Knowledge and Administration of Routing, Switching, Firewalling and Network Access Control devices;
• Advanced skill in Network Logging, Monitoring, Analysis and Troubleshooting
• Technical Proficiency: Operating Systems and Server Infrastructure
• Advanced Knowledge in Windows Server Active Directory
• Audit experience and high technological proficiency in Microsoft packages: The core technologies include Microsoft Azure, SharePoint Server, Exchange Server, SCOM, HyperV etc.
• Clear understanding of User management and access control, vulnerability assessment, change control, business continuity, data privacy and risk assessment practices.
• Composite Knowledge in Linux operating environments; understanding of application setup and installation basics.

Core Competencies

• Working knowledge of industry recognized auditing standards, such as Institute of Internal Auditors (IIA) Standards and Guidelines and ISACA IS Audit and Assurance Standards and Guidelines. (IIA; ISACA; ISO 27001).
• High degree of process understanding as well as profound knowledge/willingness to develop in the areas of Banking and finance products, digital finance and digital channel management
• Insight into Banking laws and are willing to become acquainted with local specific Banking laws, standard banking requirements as well as IT banking systems.
• Basic understanding in project management and organization skills with high attention to detail.
• Inquisitive, critical thinker with business risk awareness, professional skepticism, and sound judgment.
• Ability to research, assimilate information from both IT and business functions, apply strong problem solving and analytical skills, and influence issue resolution.
• Good communication and interaction capability (Excellent written and verbal communication, interviewing, and presentation skills – proficiency in English)
• Willingness to travel up to 50% to Audit locations outside Nigeria