Senior Lead - IT Security Audit.Internal Audit and Forensic Services at MTN Nigeria

Mission:

• To perform risk-based security reviews of IT infrastructure, applications, cloud, and network security controls. 
• To provide independent assurance that systems, infrastructure and data are protected from threats and vulnerabilities.
• To evaluate vulnerabilities, access management, secure development practices, and incident response readiness. 
• Ensure compliance with security frameworks and regulatory requirements while providing recommendations to strengthen controls. 

Description:

• Lead the planning, scoping, and delivery of planned IT security and cybersecurity audits in line with the MTN Nigeria Internal Audit Plan and support the delivery of management requests and advisory engagements. 
• Perform walkthroughs, develop detailed audit work programs and conduct fieldwork activities to assess the design and operating effectiveness of security controls and policy enforcement.
• Identify vulnerabilities and gaps in system configurations, security infrastructure and perform gap analysis against industry best practices and applicable frameworks. 
• Validate that identified security risks are adequately addressed by operational and risk management teams.
• Verify that system configurations, access controls, encryption standards, and network protections are aligned with approved baselines and regulatory requirements
• Lead and perform internal security reviews, technical deep dives in line with best practices to ensure adequacy of the Internal security control environment.
• Lead and perform vulnerability assessment and penetration reviews in line with vulnerability assessment and penetration testing methodologies.
• Provide support to the IT Security Audit manager to ensure high-quality audit reports that articulate issues, risks, impacts, and recommendations.
• Present audit findings, recommendations, and audit reports to management and provide input into the Audit Committee presentation reports.
• Lead Quality assurance processes and ensure audit engagements are delivered in line with Internal Audit methodology and quality standards.
• Perform audit follow-up and reporting processes to track and validate remediation of audit findings to ensure sustainable risk mitigation and evaluate the adequacy of corrective actions.
• Maintain all audit administration documentation and information as required on routine and special information technology audits.
• Evaluate compliance with internal policies, telecom regulations, and Cyber Security best practices.
• Use data analysis tools to identify patterns, anomalies, and risks within large datasets.
• Engage with IT Security and business teams to understand processes and risk areas.
• Ensure that the audit is carried out on the eGRC system in line with process and methodology as mandated by the Group Internal Audit and Forensics function
• Report on an ad-hoc basis on specific projects as and when necessary.

Education:

• First degree in Electrical/ Electronics, Computer Engineering, Telecommunications, or Computer Science with strong predilection for engineering; or in any Systems oriented discipline
• Fluent in English
• CISA, CCNA/CCNP, CISSP, CISM, CIA, ISO 27001, COBIT 5,CEH, GSEC,SECURITY +, HFI,NCSF

Experience:

3 – 7 years’ experience in an area of specialisation; with experience in supervising others

• Minimum of 3 years’ experience in IT systems audit or IT security or privacy or technology consulting or cyber security experience in a reputable organization.
• Experience working in a medium to large organization in a Systems/ IT/ Telecomm environment