DevOps Auditor at Moniepoint Inc.

Role Overview

The DevOps Auditor is responsible for independently evaluating DevOps practices, cloud infrastructure, CI/CD pipelines, and security controls to ensure compliance, reliability, efficiency, and risk mitigation. This role bridges engineering, security, and compliance by assessing how DevOps processes are designed, implemented, and operated across the organization.

Key Responsibilities 

Audit & Compliance

• Audit CI/CD pipelines, infrastructure-as-code (IaC), and deployment processes for compliance with internal policies and external standards (e.g., ISO 27001, SOC 2, PCI DSS, HIPAA).
• Assess cloud environments (AWS, Azure, GCP) for security, governance, and cost controls.
• Review access management, secrets handling, and identity policies.
• Validate change management, release management, and incident response processes.

Risk & Security Assessment

• Identify operational, security, and compliance risks in DevOps workflows.
• Evaluate vulnerability management, patching, and dependency controls.
• Review logging, monitoring, alerting, and observability practices.
• Assess backup, disaster recovery, and business continuity readiness.

Process & Controls Review

• Examine DevOps maturity, automation coverage, and adherence to best practices.
• Evaluate segregation of duties and approval workflows.
• Review version control practices, branching strategies, and audit trails.
• Assess third-party tools and vendor integrations for risk exposure.

Reporting & Advisory

• Produce clear audit reports with findings, risk ratings, and actionable recommendations.
• Present audit results to engineering leadership, security teams, and management.
• Track remediation efforts and verify corrective actions.
• Provide guidance on improving DevOps governance and control frameworks.
• Participates in the other regular audits in the IT Audit Plan as assigned by the Head, IT Audit.
• Follow-up responsible teams to implement the recommendations of internal auditors, external auditors, consultants, and security analysts.

Qualifications 

• Minimum of a Bachelor’s degree in Computer Science/Engineering.
• Certifications in one or more of the following will be an added advantage CISA, CISSP, CCSP, AWS/Azure/GCP certifications etc.
• Experience: Minimum of 5 years of experience in DevOps, cloud engineering, security, IT audit, or risk management.
• Hands-on experience with:
  • CI/CD tools (e.g., GitHub Actions, GitLab CI, Jenkins)
  • Containers and orchestration (Docker, Kubernetes)
  • Cloud platforms (AWS, Azure, GCP)