Latest Jobs at Moniepoint Inc. (Formerly TeamApt Inc.)

We are looking for a skilled and highly motivated Senior Penetration Tester to join our Information Security team. The Senior Penetration Tester will be responsible for identifying and exploiting vulnerabilities in our systems, networks, and applications to enhance the organization's security posture. The ideal candidate will have a strong technical background in ethical hacking, vulnerability assessment, and security testing methodologies

Key Responsibilities:

Vulnerability Assessment and Exploitation:

• Conduct comprehensive offensive penetration testing on network infrastructure, web applications, mobile applications, and other digital assets.
• Identify, analyze, and exploit security vulnerabilities using advanced tools and techniques.
• Perform manual testing to complement automated tools and identify complex vulnerabilities.

Reporting and Documentation:

• Document findings in detailed, clear, and concise penetration testing reports. 
• Provide actionable recommendations to mitigate identified vulnerabilities 
• Communicate findings and recommendations to technical and non-technical stakeholders

Security Tools and Methodologies:

•  Utilize a variety of penetration testing tools such as Burp Suite, Metasploit, Nessus, Nmap, and others.
•  Develop custom scripts and tools to assist in testing efforts.
• Stay updated on the latest security vulnerabilities, tools, and methodologies.

Collaboration and Support:

• Work closely with the security operations, development, and IT teams to address security issues..
• Participate in red team/blue team exercises to improve overall security posture..
• Provide support and guidance to junior penetration testers and security analysts 

Compliance and Standards:

• Ensure penetration testing activities comply with relevant regulations and standards such as PCI-DSS, ISO 27001, etc.
• Contribute to the development and maintenance of security policies and procedures

Skills and Qualifications

• A Bachelors degree in Computer Science, Information Security,, Computer Engineering or related degree
• Possesses relevant certifications such as OSCP, CEH, GPEN, or CISSP is required)
• Minimum of 5 years of experience in penetration testing, ethical hacking, or a related field 
• Proven track record of identifying and exploiting vulnerabilities in diverse environments..
• In-depth knowledge of network and application security principles.
• Proficiency with penetration testing tools and methodologies.
• Strong understanding of common vulnerabilities and exploitation techniques.
• Experience with scripting and programming languages such as Python, Ruby, Bash, or PowerShell
• Excellent analytical and problem-solving skills
• Strong communication and reporting skills.
• Ability to work independently and as part of a team.

go to method of application »

The IT Governance Risk and Compliance Analyst on the Information Security team at Moniepoint will be responsible and jointly accountable with CISO for the management, oversight and coordination of the Information Technology Governance,Risk Management and Compliance projects and programmes.

You will also be will be responsible for the identification, assessment, risk response, mitigation, control, monitoring, reporting and recommending remediation for current and emerging Information Technology risks and controls.

How Will You Create Impact?

Governance

• Ensure all IT policies and standards are defined, approved and up to date.
• Identify IT areas without IT policy and establish same for the IT unit.
• Execute / enforce / comply with Moniepoint policies and procedures.
• Evaluate IT units against IT policies, procedures and Central Bank of Nigeria/Industry standards.
• Moniepoint audit and regulatory audit - Engagement with relevant Moniepoint Staff, CBN, Consultants, QSAs, Other auditors/ regulatory bodies and respond to request and audit queries.
• Fix the identified Gaps / Exceptions from the evaluation / audit with the accountable unit Heads
• Oversee control related aspects of process changes and improvement, technology upgrades and new technology implementations. Ensure that the control structure remains effective.
• Risk Management
• IT Risk Management – Risk Identification, assessment and  planning, response and mitigation, monitoring, tracking and  reporting. 
• Risk and control self-assessments process ownership and  management - work with the responsible unit heads to ensure  closure of risk items on the RCSA register. 
• Work closely with unit heads to identify and assess risk and  develop controls and mitigation strategies for risk. 
• Participate in technology projects and programmes to identify  potential risks to the organization and recommend mitigation and  opportunities for improvement.
• Eliminate, avoid, share, accept and controlling the identified IT risk.

Compliance

• Work with IT management team to ensure that the organization  consistently attains high levels of compliance with all relevant  laws and regulations as well as industry best practices, such as  PCI-DSS Compliance/Certification and ISO Certifications (ISO 27001, ISO 20000 and ISO 22301.
• Legal and Regulatory Compliance of statutory policies and procedures.
• Management of audit findings, risk and control department relationship. 
• Management of CBN standards compliance projects.
• Responsible for procedures and controls to assure compliance  with applicable regulatory and legal requirements as well as good  business practices.
• Manage and ensure IT comply with the following bank and  regulatory agencies on Information Technology related  regulations. 
• Oversee control related aspects of technology process changes  and improvement, technology upgrades and new technology  implementations. Ensure that the control structure remains  effective as the organization changes.

Skills and Qualifications

•  A degree in Computer Science, Management Information  Systems, Computer Engineering or related degree
• Possesses relevant certifications like  Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC) 
• Minimum of 3 years experience in information  security/technology risk reviews across enterprise operating  systems, databases, banking applications and networks.
• Keen eye for detail.
• Highly motivated, energetic and self-learner.
• Ability to work with little supervision and meet strict deadlines. • Must be results-oriented, setting high standards, and intent on  making things happen.
• Takes the initiative within given parameters with freedom to  act.