Role Overview
- The Product Auditor provides independent assurance over the design, implementation, and operating effectiveness of product controls for payment, wallet, settlement, switch, and other related products across the organisation.
- The role ensures that new and existing products are deployed with adequate financial, operational, security, and regulatory controls, safeguarding the organisation against revenue leakage, settlement failures, regulatory breaches, and technology-driven risks.
- The Product Auditor will independently evaluate product risk exposure and control maturity prior to scale.
Key Responsibilities
Audit Universe & Risk-Based Planning:
- Maintain a living Product Audit Universe covering all payment products, features, and integrations ranked by risk.
- Own the annual Product Audit Plan, ensuring coverage is allocated dynamically based on risk ratings, product complexity, regulatory sensitivity, and change velocity.
Product Design & Control Assurance:
- Review PRDs, business rules, and transaction workflows to identify logic gaps, unmitigated risk paths, and missing exception-handling routines before products reach production/go-live.
- Analyse product path scenarios, verify Maker-Checker enforcement, and provide formal control design sign-off before any material release goes live.
Live Product Assessment (Continuous Audit Review):
- Periodically assess live payment products to confirm they continue to operate within approved design parameters.
- Detect configuration drift, identify silent divergence from original PRDs, and analyse live transaction data for emerging risk patterns.
Go-Live Readiness & Control Gate:
- Execute mandatory pre-production Product Audit reviews as an independent control gate for all material releases.
- Confirm reconciliation logic, exception queues, and fallback controls are tested and functional.
- Escalate critical deficiencies with risk ratings and hold recommendations where a product is not safe to release.
Transaction Logic & Mathematical Integrity:
- Interrogate the Fee Engine using SQL to mathematically prove that commissions, VAT, discounts, and splits are posted with complete precision.
- Validate duplicate prevention mechanisms and ensure transaction integrity within complex, multi-step payment sequences, and test reversal, refund, and chargeback logic to confirm financial symmetry is maintained in every scenario.
Settlement & Ledger Integrity:
- Trace fund flows, confirming continuous synchronisation between wallet sub-ledgers and the General Ledger.
- Assess reconciliation logic for breaks and evaluate the authorisation, documentation, and reversibility of manual settlement overrides.
Product Change & Configuration Integrity:
- Confirm that all product modifications (fee tables, routing rules, and limit parameters) have passed through an approved change management cycle.
- Identify silent changes made outside formal release processes and audit the integrity of product master data to ensure it is access-controlled, version-tracked, and consistent with approved product terms.
Vendor & Third-Party Product Risk:
- Assess controls over vendor-managed product components, evaluate SLA performance against contractual commitments, and identify single-vendor dependency risks within critical payment flows.
- Evaluate the organisation's ability to detect unilateral changes in third-party API behaviour, fee logic, or settlement processes.
Control Advisory & Stakeholder Engagement:
- Engage product and engineering teams early in the design cycle to provide informal control advisory, reducing findings at the formal review stage without compromising independence.
- Participate in design reviews and architecture discussions, and build a control-by-design culture across product teams.
Incident Review, RCA & Regulatory Alignment:
- Lead post-incident reviews for product failures, producing structured RCA reports that identify underlying logic failures, not just surface symptoms.
- Assess corrective actions for adequacy and track findings to verify closure.
- Ensure product logic complies with CBN guidelines, PCI DSS, and consumer protection obligations at the design level, and evaluate the regulatory impact of new features before release.
Reporting & Governance:
- Prepare risk-rated audit reports for Executive Management and the Audit Committee, leading with findings, financial impact, and required action.
- Maintain a Product Risk Register, deliver quarterly control maturity updates, and ensure governance bodies are never surprised by a product failure that was visible at the design or portfolio review stage.
Qualifications
- Education: Bachelor’s Degree in Computer Science, Engineering, Mathematics, Finance, or a related quantitative discipline
- Experience: 3–5+ years in Product Audit, Systems Audit, Financial Data Analytics, or Payment Operations within a fintech or financial services environment
- Certifications: CISA, CIA, or CFE preferred. ACA / ACCA is acceptable when combined with strong technical product experience and data analytics.
- Sector Knowledge: Demonstrated hands-on familiarity with payment product architecture, wallet systems, and regulated payment flows in a Nigerian or comparable market context.
Required Knowledge & Skills:
Technical Skills:
- Advanced SQL for independent data extraction and transaction interrogation
- Payment systems architecture: Wallets, card processing, direct debit, settlement, and reconciliation
- API and integration literacy (Basic)
- End-to-end transaction lifecycle knowledge: Authorisation, posting, clearing, settlement, and exception handling
- PRD and process flow analysis: translating product documentation into control flowcharts
- Mathematical precision: fee calculations, interest computations, and split payment structures
- Pattern recognition: detecting anomalies, outliers, and irregularities in large transaction datasets
Audit & Risk Skills:
- Risk-based audit methodology: IIA Standards and COSO framework applied to financial products.
- Control design logic and evaluation
- Root cause analysis
- Regulatory knowledge: CBN payment system regulations, PCI DSS, NDPR, Nigerian consumer protection obligations, etc.
Interpersonal & Professional Skills:
- Stakeholder engagement
- Professional scepticism and independence
- Risk-rated report writing
Tools & Platforms:
- SQL (PostgreSQL / MySQL / MSSQL)
- Advanced Excel / Google Sheets
- Claude / AI Tools