Information Systems Auditor at Economic Community of West African States (ECOWAS)

Economic Community of West African States (ECOWAS)Abuja, Nigeria Networking and Tech Support

Full Time

Welcome to the Economic Community of West African States (ECOWAS). Established on May 28 1975 via the treaty of Lagos, ECOWAS is a 15-member regional group with a mandate of promoting economic integration in all fields of activity of the constituting countries. Member countries making up ECOWAS are Benin, Burkina Faso, Cape Verde, Cote d’ Ivoire, The Gambia, Ghana, Guinea, Guinea Bissau, Liberia, Mali, Niger, Nigeria, Sierra Leone, Senegal and Togo Considered one of the pillars of the African Economic Community, ECOWAS was set up to foster the ideal of collective self-sufficiency for its member states. As a trading union, it is also meant to create a single, large trading bloc through economic cooperation. Integrated economic activities as envisaged in the area that has a combined GDP of $734.8 billion, revolve around but are not limited to industry, transport, telecommunications, energy, agriculture, natural resources, commerce, monetary and financial issues, social as well as cultural matters. Expectations of economic integration have always been high and a lot has been accomplished by the regional group since the endorsement of the treaty which gave it the required legal teeth. Going by current assessments, the regional body has exceeded the expectations of its founding fathers. Today, the organisation is being acknowledged globally as a successful regional body. ECOWAS can be seen now as a toast to a workable integration and regional co-existence.

Role Overview

Under the supervision of the Principal Auditor, Information Systems Audit, the incumbent will provide independent assurance and advisory services on the governance, security, and effectiveness of Information and Communication Technology (ICT) systems across ECOWAS institutions and Agencies.
The IS Auditor evaluates the design and operation of ICT controls, assesses compliance with regional and international standards, and contributes to the improvement of IT risk management, digital transformation oversight, and institutional accountability.

Role and Responsibilities

Execute comprehensive audits across ECOWAS institutions, agencies, and programs in line with international standards (ISACA, INTOSAI, AFROSAI-E).
Review IT General Controls (ITGCs), application controls, cybersecurity measures, infrastructure reliability, and system change management processes.
Evaluate compliance with ECOWAS ICT policies, information security standards (e.g., ISO 27001, COBIT, ITIL), regional data protection regulations, and broader risk governance frameworks.
Verify the accuracy, security, and reliability of enterprise systems such as ERP (e.g., SAP, Oracle), financial systems, and HRIS platforms.
Assess risks related to data governance, cloud adoption, disaster recovery, artificial intelligence, digital transformation, and cybersecurity threats.
Participate in audits of system acquisition and deployment to ensure appropriate vendor selection, planning, integration, and control mechanisms.
Support preparation of audit planning memoranda and ensure thorough audit documentation including working papers and finding memoranda.
Develop and present high-quality written and oral reports with concise findings, risk ratings, conclusions, and actionable recommendations for the Auditor General and senior management.
Conduct follow-up reviews to assess implementation status of prior audit recommendations and monitor management’s corrective actions.
Support outsourced audits to ensure timely completion and quality reporting and contribute to external audit coordination.
Maintain and enhance computerized audit software, tools, and automated techniques. Train other audit staff in their use and develop methods for reviewing computerized systems.
Deliver training and coaching for audit staff and stakeholders across ECOWAS institutions on IT audit techniques, computerized audits, and succession planning.
Coordinate with external auditors, legal authorities, administrative departments, and law enforcement as appropriate. May serve as expert witness in legal proceedings.
Serve as a Super User for Governance, Risk Management, and Compliance (GRC) systems, providing risk insights and recommendations on IT and enterprise risk matters.
Conduct or support operational, compliance, financial, and investigative audits aligned with institutional priorities.
Contribute to the continuous review and enhancement of audit methodologies, frameworks, and tools to support a highly effective audit directorate.
Stay current with evolving technology trends, digital innovations, and emerging audit tools relevant to modern IS audit functions.

Promote IT Governance Best Practices:

Advise ECOWAS institutions on implementing IT governance frameworks (e.g., COBIT) to align IT investments and resources with organizational goals and ensure accountability in decision-making.
Evaluate Business Continuity and Disaster Recovery (BC/DR):
Review the design, documentation, and testing of BC/DR plans to ensure data availability, minimal service disruption, and institutional resilience during system outages or cyber incidents.

Audit Third-Party and Cloud Service Providers:

Assess the security, performance, and compliance of outsourced IT services, including cloud providers, to ensure proper SLA adherence, data sovereignty, and risk exposure control.

Support Digital and E-Government Audits:

Provide assurance on the governance, security, and reliability of e-government platforms and digital public services offered by ECOWAS entities, including portals, mobile apps, and citizen databases.

Advise on Ethical Use of IT and Data:

Monitor the ethical implications of technology use within ECOWAS—such as data misuse, algorithmic bias, and surveillance—and provide guidance to ensure adherence to institutional values and legal frameworks.
Perform other duties as assigned in support of the Office of the Auditor General’s mandate and ECOWAS-wide audit coverage.

Academic Qualification & Experience
Education:

Bachelor’s Degree in computer science or related discipline from a university of recognized standing.

Professional Certifications:

CISA (Certified Information Systems Auditor) is desired.
Having CRISC, CGEIT, CISSP, and ISO 27001 Lead Auditor would be an added advantage.

Experience:

Minimum Experience Requirement:
At least five (5) years of progressively responsible experience in planning, design, implementation, audit, and evaluation of IT systems, cybersecurity frameworks, digital platforms, and enterprise-level applications.

Audit-Specific Competence:

Proven experience in conducting IT audits in accordance with ISACA/INTOSAI/AFROSAI-E standards.
Demonstrated ability to review and evaluate IT General Controls (ITGCs), application controls, and cybersecurity safeguards.
Experience using the TeamMate+ audit management software.

Regulatory and Compliance Knowledge:

In-depth knowledge of data protection regulations (e.g., GDPR or ECOWAS Data Protection Act), and information security frameworks (e.g., ISO/IEC 27001, NIST, COBIT 5/2019).
Familiarity with ECOWAS ICT policy framework, regional cyber laws, and procurement policies.

Risk Management & Governance Acumen:

Experience evaluating enterprise risk management (ERM) structures and risk registers.
Demonstrated knowledge of IT governance structures, strategic alignment, and GRC tools (Governance, Risk, and Compliance).

Digital and Emerging Technology Literacy:

Awareness of emerging risks related to AI, cloud services, digital transformation, remote work infrastructure, and e-government services.
Experience auditing cloud-based systems (AWS, Azure) and third-party/vendor IT environments.

Project and System Lifecycle Oversight:

Competence in reviewing system acquisition, digital project delivery, and post-implementation reviews.

Disaster Recovery and Continuity Assurance:

Ability to assess and audit Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP), including testing, documentation, and resilience.

Analytical and Communication Skills:

Strong written and verbal communication skills to draft concise audit reports, communicate technical risks, and present findings to senior executives and governing bodies.
Proven ability to influence auditee cooperation and foster improvements without compromising independence.

Cross-Functional Collaboration Experience:

Demonstrated history of working across finance, legal, procurement, IT, and HR teams during audits.

ECOWAS Key Competencies:
Leadership:
Strategic Thinking and Foresight:

Ability to anticipate long-term IT and audit trends, assess emerging risks (e.g., AI, cybersecurity), and align audit priorities with organizational strategy.

Decision-Making Under Uncertainty:

Ability to make sound, defensible decisions in complex or ambiguous situations, particularly when evaluating residual risks or incomplete data.

Emotional Intelligence and Integrity:

Ability to maintain composure, self-awareness, and professionalism under pressure, while demonstrating empathy and fairness at work.

Change and Agility:

Ability to champion innovation, manage resistance to change, and promote adaptive thinking within audit environments.

Conflict Management and Negotiation:

Skilled in resolving conflicts objectively and diplomatically, especially when audit findings are contested or sensitive.

Cross-Functional Collaboration:

Ability to collaborate with multidisciplinary teams (Legal, HR, Finance, Procurement) and foster mutual understanding of risks and control implications.

Cultural and Political Sensitivity: