Information Technology Auditor at Nigerian Exchange Group (NGX Group)


Nigerian Exchange Group (NGX Group) is a leading financial market infrastructure provider in Africa, connecting Nigeria, Africa and the world.

We are recruiting to fill the position below:

 

Job Title: Information Technology Auditor

Location: Lagos, Nigeria
Job type: Full-time

Job Description

  • We are looking for an Information Technology Auditor. You would be required to have a thorough understanding of the Exchange Group policies, overall mission, and strategy, as well as an Extensive knowledge of internal control principles, audit practices, and compliance in an IT-related field with background experience preferably from a listed company. 
  • S/He will be responsible for ensuring Internal Audit adopts industry best practices in Information Technology Audit duties across the Group’s operations. This position reports to the Group Chief Internal Audit Officer.

Responsibilities
As a member of the Group Internal Audit department, you would also be responsible for the following:

Provide Assurance that Systems Meets Intended Design & Purpose, through reviewing system development, conducting substantive tests on transactions, ascertaining value for money, and reviewing post implementation of IT projects:

  • Review periodic evaluations of financials and operating systems of internal controls, procedures, and policies in line with prevailing circumstances/realities.
  • Review policies and procedures for comprehensiveness and recommend updating to reflect current realities.
  • Review internal control systems in line with business peculiarities and changes.

Information Technology Review, to achieve a minimum of 75% review in IT Infrastructure & Technology through reviewing governance and management of IT, Information System Acquisition, Development and Implementation, Information System Operations, Maintenance and Support, and also through Protection of Information Assets:

  • Review of Technology Governance and Operations.
  • Reviews of Change Management.
  • Review IT Policies & Procedures Review.

Post-implementation review of IT Projects (6-9 months post project go-live):

  • Reviews to identify risks introduced during the vendor selection, pre-implementation, and go-live due to system adaptation for NGX’s Users and processes.
  • Review and ensure that key controls were embedded through the application acquisition life-cycle and the go-live of various applications and processes.
  • Ensure that investment in IT solutions is optimised and licensed modules of the solution are currently in use.

System Access Control, Access Control Reviews on various systems used in NGX:

  • Review and ensure that the access control strategy aligns with the corporate identity policy and the IT architecture of NGX.
  • Review and ensure that a unique identity is used to initiate a transaction and ensure that the user is currently authorised to perform such action.
  • Ensuring that access violations are identified. E.g. Resigned staff accounts still active on NGX Group applications.

Specialised Audit such as ISO Standards and others that the Exchange Group will subscribe to their certification:

  • Audit of the department/functions against the requirements of the applicable standards eg ISO 27001:2013.
  • Conduct a review of the effectiveness of the Information Security Management System in line with ISO 27001:2013 Standard.

Revenue Assurance Audit using Audit Tools:

  • Review of the various income heads in the books of the HoldCo and Subsidiaries.
  • Ensure that income streams are protected from income leakages due to wrong configurations or manual processes for the collection of income.
  • Ensure accuracy of revenue and in all transactions in the HoldCo and all the Subsidiaries.

Investigation:

  • Conduct investigations as may be directed by Management or Board.
  • Conduct investigations in line with the approved investigation framework.
  • Report findings and recommendations with appropriate evidence and supporting documentation to Executive Management or Board.

Requirements
To successfully deliver these goals, you must have the following relevant experience & qualifications below:

  • First Degree or its equivalent in Accounting, Economics, Information Technology, or a similar field.
  • Relevant professional qualifications such as CISA (Certified Information Systems Audit), ICAN, and ACCA will be an added advantage.
  • Must have knowledge of all audit and regulatory requirements.
  • Be known for having high integrity and the ability to build trust with stakeholders.
  • Must have a thorough knowledge of Various Standards and Frameworks which include ISACA framework, COBIT, COSO, SOX, ICFR, BASEL 1 & II etc.
  • Ten (10) years cognate experience with at least two (2) years experience in a mid-senior management audit role.
  • Experience in the financial services or capital market industry will be an added advantage.

 

How to Apply
Interested and qualified candidates should send an updated Resume to: [email protected] with the subject title “NGX Group Recruitment - Information Technology Auditor" as the subject of the email