IT Auditor - Inspection and Examinations at Nigerian Stock Exchange

Division: Regulation
Department: Broker Dealers Regulation Department
Report to: Head, Broker Dealer Regulation  
Grade: IT Auditor – Inspections
Estimated Date of Resumption: July 1, 2018

Job Summary

• The icumbent would be required to have a thorough understanding of information Technology Infrastructures, automated information processing systems, related non automated processes and the interfaces between them in order to determine the risks that are relevant to information assets, and assess and evaluate controls in order to reduce or mitigate these risks.

Key Responsibilities

• Develop and implement a robust and effective IT Audit program for the Dealing member community. Conduct off- site and on-site IT inspections and examinations of Dealing Member Firms in line with The Exchange’s risk based supervision framework. Review and ensure that access control strategy aligns with Dealing Member Firms corporate identity policies and IT architecture.
• Review and ensure that a unique identity is used to initiate trade transactions and ensure that users are authorized to perform such actions. Violation monitoring - ensure that access violations are promptly identified and escalated. Review of password settings. Review of user creation and access modifications.
• Review of IP address to ensure that Broker systems match their Order Management Systems. Review to ensure continuous operations of business applications in the event of fire, terrorist attacks, extended power failures, equipment and telecommunication failures
• Review appropriately identified risks focused on Dealing Member Firms processes and potential risks that affect the continuity of IT operations and services. Audit of IT Governance
• System functionality reviews. Review of disaster recovery plans of Dealing Member Firms and ensure they are robust enough to withstand major disruptions to information systems. Perform audits of Dealing Member Firms Order Management Systems (OMS) functionality, and compatibility with the NSE requirements. Review of change management processes of Dealing Member Firms ensuring compliance to change management procedures. Assess the control risks associated with change requests of changes in IT infrastructure and applications.
• Liaise with relevant departments affected by any outcomes of inspection activities. Conduct IT risk assessments of Dealing Member Firms to ensure that they satisfy the requirements of The Exchange. Continuous risk profiling of firms in line with The Exchange’s Risk based supervision framework. Other Reviews Server Operating Systems Review.
• Network Operating Systems Review. Review of Technology Governance and Operations. Information Security Reviews. Ensure Server room adherence to best practices. Ensure adherence to Disaster Recovery/Business Continuity Principles. Ensure Penetration Testing. Review IT Policies and Procedures, and generate gap analysis as appropriate. Ensure proper monitoring of IT Operations (Backup & Recovery, Job scheduling, Problem and Incident Management)
• Inspections & Examinations Reporting Maintain a comprehensive schedule / work papers of all IT onsite and target examinations. Evaluate the sufficiency and appropriateness of audit evidence to support conclusions drawn. Prepare IT inspection reports and present to the Unit Head and Head of Department.
• Monitor compliance with reporting requirements. Follow-up and report on implementation of IT Inspection report recommendations. Manage internal and external relationships with stakeholders. Participate in relevant Exchange projects. Perform other tasks as assigned

Qualifications and Experience

• Minimum of 6 years work experience in the financial sector and a strong understanding of capital market operations especially stockbroking activities.
• Adequate knowledge of securities laws, rules and regulations and corporate governance principles and codes.
• Ability to work on own initiative.

Functional Competencies:

• Analytical Thinking
• Business Process Audit
• Client Relationship Management
• Data Gathering and Analysis
• Database Administration
• Desktop Engineering and Support
• Information Security
• Information Systems Audit
• Information Technology Policy and Planning
• Investigation
• Network and Telecommunications Technology
• Microsoft Office Packages

Behavioural Competencies:

• Attention to Detail
• Effective Communication Skills (Written & Oral)
• Integrity
• Leadership
• Team Work