The Nigerian Stock Exchange services the largest economy in Africa, and is championing the development of Africa’s financial markets. The Exchange offers listing and trading services, licensing services, market data solutions, ancillary technology services, and more. It is an open, professional and vibrant exchange, connecting Nigeria, Africa and the world.
This jobholder has the responsibility of reviewing and evaluating (wholly or partly) the NSE automated information processing systems, related non-automated processes and the interfaces between them in order to determine the risks that are relevant to information assets, and assessing and evaluating controls in order to reduce or mitigate these risks. She/he is also expected to evaluate the reliability of data from IT systems which have an impact on the financial statement. She/he is to ascertain the level of compliance with applicable laws, policies and standards in relation to IT as well as check if there are instances of extravagance, inefficiencies and wastage in the use and management of IT systems.
IT AUDITOR
RESPONSIBILITIES:
Review of System Access Controls
Review and ensure that access control strategy aligns with the corporate identity policy and the IT architecture of NSE;
Review and ensure that a unique identity is used to initiate a transaction and ensure that user is currently authorized to perform such action;
Violation monitoring: ensuring that access violations are identified. e.g. resigned staff accounts stillactive on NSE applications
Post-Implementation Reviews of IT Projects
Reviews to identify risks introduced during the vendor selection, pre-implementation and golive due to system adaptation for NSE’s Users and processes;
Review and ensure that key controls were embedded through the application acquisition lifecycle and go-live of various applications and processes
Business Continuity Reviews
Review to ensure continuous operations of business applications (X-stream, Sage etc.) in the event of fires, terrorist attacks, extended power failures, equipment and telecommunications failures;
Review appropriately identified risks focusing on NSE processes and known potential risks that affect continuity of IT operations and services;
Ensure that costs of implementing and managing continuity assurance are less than the expected losses and within management’s risk tolerance
Reviews of Change Management
Ensure 100% compliance to change management procedures to handle in a standardized manner all requests (including maintenance and patches) for changes to applications, procedures, processes, system and service parameters, and the underlying platforms;
Assess the control risk associated with change request of changes within IT infrastructure and Applications;
Revenue Assurance Audit
Review of the various income heads in the books of the NSE;
Ensure that income streams protected from income leakages due to wrong configuration or manual process for collection of incomes
Continuous Auditing of IT Related activities
Ensure that the following activities carried out by IT are reviewed
Reviews of IT implementation and ensure that the meet the needs of users
Ensure that the disaster recovery processes in the NSE, would available and sufficient enough to withstand major disruptions to our information systems
Continuous auditing of x-stream and ensure that data from the application are accurate
Audit of IT Governance
NSE’s IT senior management team is engaged in aligning IT strategic plans with current and future business needs
NSE’s IT performance monitoring and evaluation process reviews: definition of relevant performance indicators, systematic and timely reporting, and timely action upon discovery of deviations
Review and ensure that identification and allocation of IT costs are understood by the senior management to enable NSE make informed decisions regarding the use of IT services
OTHER REVIEWS
Server Operating Systems Review
Network Operating Systems Review
Software Development Life Cycles
Review of Technology Governance and Operations
Information Security Reviews.
Ensure Data Centre Best Practices
Ensure adherence to Disaster Recovery / Business Continuity principles,
Ensure Penetration Testing
Review IT Policies & Procedures Review and generate Gap analysis Report
Ensure proper monitoring of IT Operations (Backup & Recovery, Job scheduling, Problem and Incident Management)
Audit Reporting
Maintaining work papers
Evaluate the sufficiency and appropriateness of audit evidence to support conclusions drawn.
Prepare the audit report and presenting it to the head Internal Audit Department
Monitor compliance with reporting requirements.
Follow up and report on implementation of internal and external audit recommendations.
Performing other duties as assigned to him/her by the Head Internal Audit
DESIRED COMPETENCY AND SKILLS REQUIREMENTS:
Thorough knowledge of Various Standards and Frameworks which include: ISACA framework • COBIT •COSO •SOX •ICFR •BASEL 1 & II Etc.
Extensive knowledge of internal control principles, audit practises and compliance in an IT related Field.
Must be able to build strong partnership with MOT and other staff, communicate with a wide variety of audience in a clear understandable language.
Experience in IT Audit
Proven track record of performance against deliverables
Experience in financial sector is highly desirable
Change management experience.
Generic Skills:
Personal Integrity
Dynamic, service oriented and Committed to results
Problem solver and ready to develop and train others
Natural inquisitiveness, Highly motivated, energetic and enthusiastic
Ability to work under pressure with strict deadlines
Ability to recognise and respond to diverse thinking styles and learning styles
Strategically aware of the business environment, with a global mind-set
Firm in decision making and persuasive.
JOB SPECIFICATION:
A Bachelor’s degree in accounting, Economics, Information technology or a similar field
CISA (Certified Information Systems Audit), ICAN, ACCA added advantage.
TO APPLY
Please send CVs to cconwujei@nse.com
Job Vacancy at Nigerian Stock Exchange, Monday 25, April 2016
No comments:
Post a Comment