Recent Employment Vacancy at the Nigerian Stock Exchange (NSE)
We are recruiting to fill the position below:
Job Title: IT Audit Analyst
Department: Internal Audit Department
Report to: IT Auditor
Grade: Executive Assistant – Officer
Estimated Date of Resumption: Monday, October 14, 2019
- This jobholder has the responsibility of supporting the review and evaluation of the NSE automated information processing systems, related non-automated processes and the interfaces between them in order to determine the risks that are relevant to information assets, and assessing and evaluating controls in order to reduce or mitigate these risks.
- S/he is also expected to work with the IT Auditor to evaluate the reliability of data from IT systems which have an impact on the financial statement.
- S/he is to drive compliance with applicable laws, policies and standards in relation to IT as well as check if there are instances of extravagance, inefficiencies and wastage in the use and management of IT systems. Serving as the IT Audit Analyst, this position reports to the IT Auditor at the Corporate Headquarters.
Review of System Access Controls:
- Ensure that access control strategy aligns with the corporate identity policy and the IT architecture of NSE
- Ensure the right user authorisation for employees and conduct due diligence for all transactions raised. Violation monitoring: ensure that access violations are identified eg resigned staff accounts still active on NSE applications
Post-Implementation Reviews of IT Projects:
- Reviews to identify risks introduced during the vendor selection, pre-implementation and go-live phases due to system adaptation for NSE’s Users and processes
- Review and ensure that key controls were embedded through the application acquisition life-cycle and go-live of various applications and processes.
Business Continuity Reviews:
- Review to ensure continuous operations of business applications (X-Stream, ERP, etc) in the event of fires, terrorist attacks, extended power failures, equipment and telecommunications failures
- Review appropriately identified risks focusing on NSE processes and known potential risks that affect continuity of IT operations and services
- Ensure that costs of implementing and managing continuity assurance are less than the expected losses and within management’s risk tolerance levels
Review DR incidences as it relates to RTO and RPO Reviews of Change Management:
- Ensure that change management procedures are standardised and followed in all IT related system changes (maintenance, patches, etc)
- Assess the control risk associated with change request of changes within IT infrastructure and Applications.
Revenue Assurance Audit:
- Participate in the review of the various income heads in the books of the NSE
- Ensure that income streams are protected from income leakages due to wrong configuration or manual process for collection of incomes.
Continuous Auditing of IT Related activities:
- Ensure that all IT related activities are reviewed for compliance and consistency
- Reviews of IT implementation and ensure that the meet the needs of users
- Ensure that the disaster recovery processes in the NSE, would be available and sufficient enoug to withstand major disruptions to our information systems
- Continuous auditing of X-Stream and ensure that data from the application are accurate and free from error or manipulation
Hardware Infrastructure and Data Centre Management Review:
- Assist in periodic review of Network, Hardware, Firewall
- Fire suppression system
- Screening of employees and contractors who access Data Centre
- Video Surveillance.
Network Infrastructure and Perimeter Defence Review:
- Assist in review of Network Topology
- Participate in review of Network Security (Switches, Routers)
- Review to ensure Network devices are physically and logically secured
- Assist in Perimeter Defence Review (Firewall, VPN).
Investigation of System Errors and Incidences:
- Incidences and system errors investigation
- Root cause analysis review.
- Ensure effective follow up with Auditees for resolution of all outstanding weighty exceptions and open items, and Management Letters raised during IT audits and by external auditors respectively
- Ensure quality audit reports covering the entire IT functions are presented to the Executive Management and meet the standards of Council Audit and Risk Management Committee
- Software Development Life Cycles
- Information Security Reviews
- Ensure Data Centre Best Practices
- Ensure adherence to Disaster Recovery / Business Continuity principles
- Ensure Penetration Testing
- Review IT Policies & Procedures Review and generate Gap analysis Report
- Ensure proper monitoring of IT Operations (Backup & Recovery, Management of Storage Media, Problem and Incident Management).
- Maintaining work papers
- Evaluate the sufficiency and appropriateness of audit evidence to support conclusions drawn. Prepare the audit report and presenting it to the head Internal Audit Department
- Monitor compliance with reporting requirements
- Follow up and report on implementation of internal and external audit recommendations. Performing other duties as assigned to him/her by the Head Internal Audit.
Research/Policy Development and Standard Operating Procedures:
- Develop, review and maintain IT Audit policies, guidelines, and Standard Operating Procedures (SOPs).
- Perform other related duties as may be assigned from time to time
- Execute the audit program ensuring adequate documentation to complete the internal audit and support the conclusions reached
- Identify potential control weaknesses, irregularities, discrepancies, and deviations from prescribed procedures, policies, and practices to help the Company improve performance and meet regulatory requirements
- Assist with the review of financial statements, footnote disclosures and management letter comments
- Conduct investigations as the need arises.
Qualifications and Experience
- A degree in Computer Science, Computer Engineering, Electrical/Electronics Engineering or any numerate sciences
- Minimum of 2 years post-NYSC relevant experience in an IT function in a dynamic, fast-paced environment
- Basic knowledge of various Standards and Frameworks which include: ISACA framework COBIT, ISO27001, ITIL, COSO, SOX, ICFR, BASEL 1 & II Etc will be an added advantage
- Working knowledge of Microsoft Servers OS, Windows Domain architecture, Unix/Linux Administration is a must. Possession of Microsoft certifications as proof of competence
- Basic knowledge of Networking
- Possession of or preparing for CISA, CISSP, CRISC, CEH, ACA, ACCA certifications will also be an added advantage.
- Excellent oral and written communication skills
- Ability to work under presure with strict deadlines
- Project Management
- Stakeholder Management
- Proficiency with Microsoft Word, Excel and PowerPoint
- Strong organisation skills.
- Time Management
- Ability to work outside normal work hours when required
- Natural Inquisitiveness, highly motivated, energetic and enthusiastic
- Dynamic, service oriented and committed to results
Application Closing Date
11th September, 2019.
Method of Application
Interested and qualified candidates should:
Click here to apply online
Note: The intent of this job description is to provide a representative summary of the types of duties and responsibilities that will be required of positions given this title and shall not be construed as a declaration of the specific duties and responsibilities of any particular position.