Information Technology Auditor at Nigerian Exchange Group (NGX Group)

S/He will be responsible for ensuring Internal Audit adopts industry best practices in Information Technology Audit duties across the Group’s operations. This position reports to the Group Chief Internal Audit Officer.

Responsibilities:

Provide Assurance That Systems Meets Intended Design & Purpose, through reviewing system development, conducting substantive test on transactions, ascertaining value for money, and reviewing post-implementation of IT projects:

• Review periodic evaluations of financials and operating systems of internal controls, procedures, and policies in line with prevailing circumstances/realities.
• Review policies and procedures for comprehensiveness and recommend updating to reflect current realities.
• Review internal control systems in line with business peculiarities and changes.

Information Technology Review, to achieve a minimum of 75% review in IT Infrastructure & Technology through reviewing governance and management of IT, Information System Acquisition, Development and Implementation, Information System Operations, Maintenance and Support, and also through Protection of Information Assets:

• Review of Technology Governance and Operations.
• Reviews of Change Management.
• Review IT Policies & Procedures Review.

Post-implementation review of IT Projects (6-9 months post-project go-live)

• Reviews to identify risks introduced during the vendor selection, pre-implementation, and go-live due to system adaptation for NGX’s Users and processes.
• Review and ensure that key controls were embedded through the application acquisition life-cycle and the go-live of various applications and processes.
• Ensure that investment in IT solution is optimised and licensed modules of the solution are currently in use.

System Access Control, Access Control Reviews on various systems used in NGX

• Review and ensure that access control strategy aligns with the corporate identity policy and the IT architecture of NGX.
• Review and ensure that a unique identity is used to initiate a transaction and ensure that the user is currently authorised to perform such action.
• Ensuring that access violations are identified. E.g. Resigned staff accounts are still active on NGX Group applications.

Specialised Audit such as ISO Standards and others that the Exchange Group will subscribe to their certification:

• Audit of the department/functions against the requirements of the applicable standards eg ISO 27001:2013.
• Conduct review of the effectiveness of the Information Security Management System in line with ISO 27001:2013 Standard.

Revenue Assurance Audit using Audit Tools

• Review of the various income heads in the books of the HoldCo and Subsidiaries.
• Ensure that income streams are protected from income leakages due to wrong configurations or manual process the for collection of income.
• Ensure the accuracy of revenue and in all transactions in the HoldCo and all the Subsidiaries.

Investigation

• Conduct investigations as may be directed by Management or Board.
• Conduct investigations in line with the approved investigation framework.
• Report findings and recommendations with appropriate evidence and supporting documentation to Executive Management or Board.

Person Specification & Required Qualification (s)

• B.Sc./HND in accounting Economics Information technology or a similar field.
• Relevant professional qualifications such as CISA (Certified Information Systems Audit), ICAN, and ACCA will be an added advantage.
• Minimum of seven (7) years’ cognate experience with at least two (2) years’ experience in the mid-senior management audit role.
• Experience in the financial services or capital market industry will be an added advantage.
• Must have knowledge of all audit and regulatory requirements.
• Be known for having high integrity and the ability to build trust with stakeholders.
• Must have a thorough knowledge of Various Standards and Frameworks which include ISACA framework • COBIT •COSO •SOX •ICFR •BASEL 1 & II etc