Senior IS Auditor (Network & Security Administrator) at AB Microfinance Bank

Job Summay

• Assessing, validating and evaluating the Institutions’ Information System processes, people and technologies; by identifying and appraising risks in the IT processes while recommending solutions to potential and actual security vulnerabilities.

Responsibilities
Pre-Audit Responsibilities:

• Proactive alignment with the IT audit scope and annual auditing cycles and plans.
• Preparation and review of pre audit documentation.

Auditing Responsibilities:

• Perform full risk and compliance audit reviews, over controls related to effectiveness, efficiency, and Security of IT operations, using applicable standards and regulations.
• Evaluate control environment as it relates to emerging information technology
• Obtain, analyze, and evaluate documentation, reports, data, flowcharts etc. for IT processes such as system development, IT security management and IT operations.
• Ensure that IT Audits are performed in line with established professional and regulatory standards.
• Create and undertake IT-business audit risk assessments; develop and execute IT audits within specified implementation duration; discuss results with Management and provides guidance on control issues and concerns.

Post-Audit Responsibilities:

• Support the IS Audit lead in preparing and presenting findings to the Management and Stakeholders of the Auditee, prepare IT Audit reports and IT Audit processes & procedures.
• Adequately document and summarize findings, recommendations, and action plans in an audit report; reaches consensus on findings and recommendations with IT and business management; presents reports to audit management, business management and the Audit Committee.
• Prepares and submits requested documentation and reports for external audits and regulatory examinations.

Consultation Responsibilities:

• Supports the Team Lead in performing follow-up consultation on resolution of key issues
• Serve as a part of the department resource for questions and guidance on technical matters.

Necessary Experience, Skills and Knowledge

• Minimum educational qualification: B.Sc. / HND in any related discipline with cognate experience
• General IT work experience of 5 years with 3 years minimum working experience as IT Auditor majored in Network administrator & Security in a regulated environment, preferably a Bank or financial Institution
• Cisco Certified Network Professional (CCNP) or higher
• CompTIA Network +
• Certified Information Systems Auditor (CISA) certification or equivalent
• Certified Information Systems Security Professional (CISSP) or equivalent.

Technical Proficiency: Networking and Security

• Knowledge of different types of networks:Local Area Networks (LANs), Wide Area Networks (WANs), Virtual Private Networks (VPNs), and sometimes Storage Area Networks (SANs) as well as Server infrastructure and their management.
• Advanced Knowledge in infrastructure review: Operating System and Networking security
  • Advanced Knowledge in Network Security Architecture, Administration of Routing, Switching, Firewalling and Network Access Control devices.
  • Advanced skill in Network Logging, Monitoring, Analysis and Troubleshooting
• Understanding of network security components such as firewalls, VPNs, and access control and their correct implementation in a secure environment.

Core Competencies:

• Working knowledge of industry recognized auditing standards, such as Institute of Internal Auditors (IIA) Standards and Guidelines and ISACA IS Audit and Assurance Standards and Guidelines. (IIA; ISACA; ISO 27001).
• High degree of process understanding as well as profound knowledge/willingness to develop in the areas of Banking and finance products, digital finance, and digital channel management
• Insight into Banking laws and are willing to become acquainted with local specific Banking laws, standard banking requirements as well as IT banking systems.
• Clear understanding of User management and access control, vulnerability assessment, change control, business continuity, data privacy and risk assessment practices.
• Basic understanding in project management and organization skills with high attention to detail.
• Inquisitive, critical thinker with business risk awareness, professional skepticism, and sound judgment.
• Ability to research, assimilate information from both IT and business functions, apply strong problem solving and analytical skills, and influence issue resolution.
• Good communication and interaction capability (Excellent written and verbal communication, interviewing, and presentation skills - proficiency in English)
• Willingness to travel up to 20% > to Audit locations outside Nigeria.