Reporting to the Head Information Systems Audit, the Team Lead, Security Operations Audit will lead individual assigned internal audit engagements, focusing on Information Security Systems and Operations, which support various processes, products, and functions across the company. The role requires assurance on the effectiveness and efficiency of Information Security Risk Management, Control and Governance process within the organization and subsidiaries, to achieve strategic and business objectives. The individual will provide assurance that Information Systems and Cybersecurity risks are properly identified, measured, controlled monitored and within the organization’s risk appetite, The individual will execute IT security audits testing across systems and platforms, and also work with other internal audit staff or co-sourcing staff to deliver audit assignments through planning, execution, reporting, audit close-out, and follow-up phases in line with the internal audit methodology.

Responsibilities

  • Participate in the Audit of the Business’
  •  Cyber Security Programs and Strategies  Implemented Security Governance  Existing Security Architecture  Security configurations & Infrastructure and  Security Incident and Event Management  Security Standards and Frameworks  Interfaces, web services and APIs  Vulnerability Assessments, Penetration Testing and  Security Operations Centre
  • Prepare timely, accurate and complete audit query and other audit work papers in line with the Internal Audit Methodology
  • Carry out assigned special investigation into cyber security related breaches, system outages or attacks
  • Participates in the audit SIEM and other emerging security solutions deployed by the Business to ensure protection against a wide range of threats and vulnerabilities
  • Executes the audit of the following standards:  ISO 27001 - Information Security Management Systems  ISO22301 – Business Continuity Management Systems  PCIDSS - All in-scope departments
  • Executes 3rd Party Risks Audit
  • Executes Data Protection Audits (NDPR, GDPR)
  • Participates in the review of Cyber-Security Risk Framework, Operational Risk Management and other related Frameworks/policies
  • Carries out planned/ad-hoc activities to ensure the audits are performed in line with Internal Audit Methodology and relevant professional standards
  • Participates in Operational Risk process reviews to ensure Control and Security Operations team’s compliance with Operational Risk Governance Framework
  • Ensures the currency of Governance, Risks and standards audit procedures/checklists given the proliferation and complexity of Information and communication technologies
  • Participates in the follow-up to ensure Management’s timely regularization of audit exceptions
  • Assist audit staffs in performing complex analysis in audits and reviews
  • Perform other functions as assigned by the Head, Information Systems Audit

Requirements

  • Competencies
  • Security Operations Audit
  • Data analysis skills
  • IT Risks, threats, and vulnerabilities
  • Information and Cybersecurity Risks
  • Cybersecurity Frameworks and Standards
  • Data Privacy Regulation
  • Application Security
  • Database and Network Security
  • Business communication and presentation skills
  • People skills
  • Governance, Risks and Compliance Frameworks
  • Security and Forensic Investigations
  • Enterprise Security Architecture Framework(s)
  • Experience & Qualifications
  • Bachelor’s and/or Advanced degree in Computer Science or any related disciplines
  • Professional certification (CISA, SCCP, CCSA, CRISC, CISSP, CEH, ISO 27032, ISO 22301 & ISO 27001, ISO 20000, COBIT 5, CCISO etc)
  • 7 - 9 years relevant experience in IT audit and IT security audit, including 3 years managing others in a supervisory position
  • Prior experience working in fintech or payment services firm; Big 4 professional service firm; banking or other financial services firm, technology firms etc will be an advantage
  • Hands-on experience in IT risks, control, and security auditing; IT general controls and IT application controls auditing; and IT security audit
  • Experience in Blockchain Capabilities, ITGC, Integrated Management Systems Audit, SQL, Virtualization, Cloud, Big Data, Retail payment systems, AIOps, Dev|Ops, etc
  • Good understanding of the latest IT auditing techniques and use of tools Complex problem-solving skills and ability to work under pressure

Department

GMD's Office

Location

Lagos Office   |   Permanent

Deadlines

June 30, 2022

Apply now