IT Governance Risk and Compliance Analyst at Moniepoint Inc. (Formerly TeamApt Inc.)

The IT Governance Risk and Compliance Analyst on the Information Security team at Moniepoint will be responsible and jointly accountable with CISO for the management, oversight and coordination of the Information Technology Governance,Risk Management and Compliance projects and programmes.

You will also be will be responsible for the identification, assessment, risk response, mitigation, control, monitoring, reporting and recommending remediation for current and emerging Information Technology risks and controls.

How Will You Create Impact?

Governance

• Ensure all IT policies and standards are defined, approved and up to date.
• Identify IT areas without IT policy and establish same for the IT unit.
• Execute / enforce / comply with Moniepoint policies and procedures.
• Evaluate IT units against IT policies, procedures and Central Bank of Nigeria/Industry standards.
• Moniepoint audit and regulatory audit - Engagement with relevant Moniepoint Staff, CBN, Consultants, QSAs, Other auditors/ regulatory bodies and respond to request and audit queries.
• Fix the identified Gaps / Exceptions from the evaluation / audit with the accountable unit Heads
• Oversee control related aspects of process changes and improvement, technology upgrades and new technology implementations. Ensure that the control structure remains effective.
• Risk Management
• IT Risk Management – Risk Identification, assessment and  planning, response and mitigation, monitoring, tracking and  reporting. 
• Risk and control self-assessments process ownership and  management - work with the responsible unit heads to ensure  closure of risk items on the RCSA register. 
• Work closely with unit heads to identify and assess risk and  develop controls and mitigation strategies for risk. 
• Participate in technology projects and programmes to identify  potential risks to the organization and recommend mitigation and  opportunities for improvement.
• Eliminate, avoid, share, accept and controlling the identified IT risk.

Compliance

• Work with IT management team to ensure that the organization  consistently attains high levels of compliance with all relevant  laws and regulations as well as industry best practices, such as  PCI-DSS Compliance/Certification and ISO Certifications (ISO 27001, ISO 20000 and ISO 22301.
• Legal and Regulatory Compliance of statutory policies and procedures.
• Management of audit findings, risk and control department relationship. 
• Management of CBN standards compliance projects.
• Responsible for procedures and controls to assure compliance  with applicable regulatory and legal requirements as well as good  business practices.
• Manage and ensure IT comply with the following bank and  regulatory agencies on Information Technology related  regulations. 
• Oversee control related aspects of technology process changes  and improvement, technology upgrades and new technology  implementations. Ensure that the control structure remains  effective as the organization changes.

Skills and Qualifications

•  A degree in Computer Science, Management Information  Systems, Computer Engineering or related degree
• Possesses relevant certifications like  Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC) 
• Minimum of 3 years experience in information  security/technology risk reviews across enterprise operating  systems, databases, banking applications and networks.
• Keen eye for detail.
• Highly motivated, energetic and self-learner.
• Ability to work with little supervision and meet strict deadlines. • Must be results-oriented, setting high standards, and intent on  making things happen.
• Takes the initiative within given parameters with freedom to  act.