Reporting to the Senior Manager, carries out medium to high risk priority information systems, security and network audit work as assigned, in line with the audit plan and the standards and methodologies set by Internal Audit. This role also performs analysis on internal controls, risk management and effectiveness of the internal audit, providing recommendations on improvements, in order to ensure an increasingly robust internal audit process. This role focuses on the high-risk areas of MTN Ghana’s technology, security and network infrastructure by identifying key weaknesses in the design and operating effectiveness of controls and providing recommendations to address issues highlighted. This role is also required to ensure compliance to internal policies and external regulations, which entails keeping up to date with changes in legislation
Job Title: Auditor, Systems & IT Audit
- Lead and manage moderately complex/high risk/prioritized audit assignments on network, information systems and security controls. Execute technology, security and network infrastructure audit plans, to identify risks and vulnerabilities in control areas and to ensure that processes and systems comply with company policies, standard, procedures, statutory and regulatory requirements and best practices.
- Provide high quality and meaningful recommendations to management on technology and security controls, risk identification and mitigation and corporate governance, to ensure that control areas are robust as well as to ensure a solid control framework aligned to best practices and regulatory requirements. Performs analysis on internal control environment linking results of audit with related financial statement and internal control assertions.
- Serve as an actively engaged member of the technology, security and network infrastructure audit team directly executing high risk/priority internal audits on network, information systems and security controls: through analysing reports and logs, conducting system and process audits, conducting interviews and controls testing, providing status reports and preparing final audit reports, in line with internal standards and methodologies;
- Audit assignments and review engagements encompass technology solutions and processes impacting voices, data, SMS, Enterprise Business and Mobile Financial Services. Among others, the application and system architecture areas may cover; Business Support Systems that include Convergent Billing and Charging Solutions, Operations Support Systems (Core Network), Customer Relationship Management tools, Mobile Money Payment Platform, Middleware that include external and internal order fulfilment and orchestration, API Enablement to Core Applications, Enterprise Resource Planning that is a Shared Services hosted at MTN Group, Various access channels SMSC, USSD, Self Service, IVR, Mobile App etc.
- Reviews of technical architecture which may cover domains such as convergence of servers, server virtualization, storage systems and disaster recovery solutions, network devices and IP setups with load balancers, cloud enabled infrastructure, Revenue Assurance and Cybersecurity enabled tools and functionalities.
- Minimum of a Degree in Accounting/Information Systems/Computer Science
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Accountant or related qualification a plus.
- Network, operating system and database certifications
- Minimum of three years’ experience in information systems audit and/or information security
- Analytical and proficient in the use of ACL, IDEA and other CAATS
- Experience in penetration testing
- Experience in risk management, governance, security and compliance
- General understanding of telecoms and regulatory environment
- Basic knowledge of accounting principles, practices techniques and theories of financial reporting and internal controls
- Auditing standards, practices and techniques
- Project management knowledge
- Computer application used in auditing and data processing.
- Ability to interpret information and understand underlying commercial drivers of performance of Telecom industry.
- Ability to plan, implement and maintain a comprehensive audit program and audit activities.
- Analyze, evaluate and resolve basic internal control problems.
- Ability to identify information security vulnerabilities and technical controls standards for networks, operating systems and databases
- Knowledge in SQL and programming/scripting skills
Skills/ Physical competencies:
- A sense of accuracy & attention to detail
- Strong numerical skills
- Analytically sound
- Good communication and interpersonal skills at both individual and team level
- Report writing abilities
- Presentation skills
- Problem solving skills