IT Governance Risk and Compliance Analyst at Moniepoint Inc. (Formerly TeamApt Inc.)

About the Role

• The IT Governance Risk and Compliance Analyst on the Information Security team at Moniepoint will be responsible and jointly accountable with CISO for the management, oversight and coordination of the Information Technology Governance, Risk Management, and Compliance projects and programmes.
• You will also be will be responsible for the identification, assessment, risk response, mitigation, control, monitoring, reporting, and recommending remediation for current and emerging Information Technology risks and controls.

How Will You Create Impact?
Governance:

• Ensure all IT policies and standards are defined, approved and up to date.
• Identify IT areas without IT policy and establish same for the IT unit.
• Execute / enforce / comply with Moniepoint policies and procedures.
• Evaluate IT units against IT policies, procedures and Central Bank of Nigeria/Industry standards.
• Moniepoint audit and regulatory audit - Engagement with relevant Moniepoint Staff, CBN, Consultants, QSAs, Other auditors/ regulatory bodies and respond to request and audit queries.
• Fix the identified Gaps / Exceptions from the evaluation / audit with the accountable unit Heads
• Oversee control related aspects of process changes and improvement, technology upgrades and new technology implementations. Ensure that the control structure remains effective.

Risk Management:

• IT Risk Management – Risk Identification, assessment and planning, response and mitigation, monitoring, tracking and reporting.
• Risk and control self-assessments process ownership and management - work with the responsible unit heads to ensure closure of risk items on the RCSA register.
• Work closely with unit heads to identify and assess risk and develop controls and mitigation strategies for risk.
• Participate in technology projects and programmes to identify potential risks to the organization and recommend mitigation and opportunities for improvement.
• Eliminate, avoid, share, accept and controlling the identified IT risk.

Compliance:

• Work with IT management team to ensure that the organization consistently attains high levels of compliance with all relevant laws and regulations as well as industry best practices, such as PCI-DSS Compliance/Certification and ISO Certifications (ISO 27001, ISO 20000 and ISO 22301.
• Legal and Regulatory Compliance of statutory policies and procedures.
• Management of audit findings, risk and control department relationship.
• Management of CBN standards compliance projects.
• Responsible for procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
• Manage and ensure IT comply with the following bank and regulatory agencies on Information Technology related regulations.
• Oversee control related aspects of technology process changes and improvement, technology upgrades and new technology implementations. Ensure that the control structure remains effective as the organization changes.

Skills and Qualifications

• A Degree in Computer Science, Management Information Systems, Computer Engineering or related Degree
• Possesses relevant certifications like Certified Information Systems Auditor (CISA) , Certified in Risk and Information Systems Control (CRISC)
• Minimum of 3 years experience in information security/technology risk reviews across enterprise operating systems, databases, banking applications and networks.
• Keen eye for detail.
• Highly motivated, energetic and self-learner.
• Ability to work with little supervision and meet strict deadlines.
• Must be results-oriented, setting high standards, and intent on making things happen.
• Takes the initiative within given parameters with freedom to act.