Senior Lead - Technology Audit.Internal Audit and Fraud Management at MTN Nigeria

MTN Nigeria is part of the MTN Group, Africa\'s leading cellular telecommunications company. On May 16, 2001, MTN became the first GSM network to make a call following the globally lauded Nigerian GSM auction conducted by the Nigerian Communications Commission earlier in the year. Thereafter the company launched full commercial operations beginning with Lagos, Abuja and Port Harcourt. MTN paid $285m for one of four GSM licenses in Nigeria in January 2001. To date, in excess of US$1.8 billion has been invested building mobile telecommunications infrastructure in Nigeria. Since launch in August 2001, MTN has steadily deployed its services across Nigeria. It now provides services in 223 cities and towns, more than 10,000 villages and communities and a growing number of highways across the country, spanning the 36 states of the Nigeria and the Federal Capital Territory, Abuja. Many of these villages and communities are being connected to the world of telecommunications for the first time ever. The company\'s digital microwave transmission backbone, the 3,400 Kilometre Y\'elloBahn was commissioned by President Olusegun Obasanjo in January 2003 and is reputed to be the most extensive digital microwave transmission infrastructure in all of Africa. The Y\'elloBahn has significantly helped to enhance call quality on MTN network.

Reports To: Manager Technology Audit

Division: Internal Audit & Forensic Services

Mission:

Manage or conduct Technology, IT Security and Network Audit projects and consulting services relating to governance and risk identification for both MTN management and staff in order to review the goals, objectives and impact of a variety of economic, financial, operational and managerial programs in conformance with company policy and procedures, Group Internal Audit methodologies and IIA standards of professional practice.

Description:

• Create a holistic picture of each project to provide context for the findings, and implement procedures as required to perform Technology, Security, and Networks audits
• Manage expertise and resource planning and requirements for Technology, Security and Networks Audit assignments, special assignments, and management requests
• Manage the audit assignments’ progress and escalate any roadblocks to completion to the Senior Manager for intervention and resolution
• Ensure that IA methodology as prescribed by Group Internal Audit is strictly adhered to, including identifying and defining issues, developing criteria, reviewing and analysing evidence, and documenting Technology, Security and Networks processes and procedures
• Oversee and manage the work of the audit staff in conducting interviews, reviewing documents, developing and administering audit surveys, composing summary memos, and preparing working papers or audit operations
• Implement the audit program, recognise control weaknesses, assess the materiality of these weaknesses, and relate them back to the scope and objectives of the audit
• Review the audit programs to ensure the appropriate testing mechanisms
• Review and manage the work of the audit staff in identification, development, and documentation of audit issues and recommendations for improvement, as guided by Senior Manager Technology, Security and Networks
• Develop recommendations for bringing programs and operations into compliance with goals and objectives and write up reports to document findings
• Communicate the results, findings and recommendations of audit projects through written reports and face-to-face presentations on a timely basis to the Senior Manager: Financial and Operational Audit
• Ensure that the audit is carried out on the eGRC system in line with process and methodology as mandated by the Group Internal Audit and Forensics function
• Follow up on the implementation of audit recommendations in a timely manner
• Perform control adequacy and effectiveness reviews of business processes
• Interact with staff, Audit Managers, General Managers, BRM consultants, and when necessary, with Executive Management to obtain and/or communicate relevant information to achieve the objective/s of the Technology, Security and Networks Audit function
• Maintain all MTN and professional ethical standards and ensure internal audit activities are carried out in compliance with The International Standards for the Professional Practice of Internal Auditing (Standards) and IIA Code of Ethics
• Support the Senior Manager: Technology, Security and Networks in coordinating with the External Auditors where needed and facilitate their fieldwork within MTN
• Report on an ad-hoc basis on specific projects as and when necessary
• Oversee and coordinate all technical activities, the activities of direct reports and ensure all transaction and administrative documentation is recorded and available for business use.
• Continuously seek self-professional development to sharpen skills and capabilities in a versatile and evolving digital landscape.  

Education:

• First degree in a numerate discipline (Preferably BSc Electrical/ Electronics, Computer Engineering, Telecommunications, or Computer Science with strong predilection for engineering; or in any Systems oriented discipline)
• Fluent in English
• MSc or MBA in relevant field will be an added advantage

Certification:

• Certifications related to Auditing - Certified Information Systems Auditor (CISA) is required
• Certifications related to Cloud, Cyber or Technology Operations, such as Cloud provider certifications, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM)
• COBIT, CRISC, ISO 27001 LA, ITIL will be an added advantage

Experience:

3-7 years’ experience which includes;

• Minimum of 3 years’ experience in an area of specialisation; with experience in supervising others
• Experience working in a large organization
• Experience in internal audit function (with focus on Systems Audit) in a Systems/ IT/ Telecomm environment
• Worked across diverse cultures and geographies advantageous
• Knowledge of IT audit management 
• Project management
• Knowledge of data science and analytics is vital
• Information technology experience such as operations, software delivery, access management, microservices, cloud infrastructure, Artificial intelligence etc
• Information security experience such as application security, network security, cybersecurity, data protection etc
• Knowledge of technical infrastructure, operating systems, networks, databases, GSM networks, firewalls and systems
• Understanding of commonly used internal control frameworks, including COBIT, ISO 27001, ISO 20000, ISO 22301, NIST Cybersecurity Framework, ITIL, etc

Method of Application