Risk Advisory, Systems & Process Assurance Senior…

IPMC is part of the Sustainable Development Network of the Federal Republic of Nigeria and is responsible for: a) the quality of the social development aspects of the governments lending and non-lending operations, and b) quality enhancement of the social development portfolio. We seek to empower the poor by increasing their social assets and capacities. It aims to promote inclusive institutions, thereby increasing opportunities for more secure livelihoods, ultimately creating more gender-equitable, inclusive and just societies. IPMC contributes to increased development effectiveness and helps projects, programs, and policies better meet their goals and objectives. IPMC is currently implementing an initiative to formulate an operational framework for enhancing development benefits to the Urban Water Sector Reform, facilitate Water supply and Sanitation projects in local communities as part of the wider Sustainable Development Network’s effort to ensure that infrastructure projects are socially and environmentally sustainable.

Job Description:
The Senior Associate will be an integral team member by assisting with planning engagements, conducting fieldwork, discussing findings and observations during client exit meetings, preparing work papers to support conclusions, reviewing staff work papers, and preparing written attestation reports.
The Senior Associate should have a strong knowledge-level of financial, operational, and/or information technology, internal controls, identifying risks and related controls, as well as performing test work of identified significant controls. The candidate should also be capable of conducting audit and attestation engagements independently and in-charging an engagement team.

Responsibilities:
Performing technology risk assessments and reviewing, documenting, evaluating and testing information technology controls including change management, security, backup, and operations controls, in a wide range of computing environments, for internal audit, Sarbanes-Oxley, and Service Organization Control (SOC) engagements.
Observing, reviewing, documenting, and testing key business process transactions, access controls, segregation of duties and automated controls for internal audit, Sarbanes-Oxley, and SOC engagements.
Ensure the delivery of high-quality deliverables and compliance with quality assurance and independence policies on engagements covering SOC 1 and SOC 2 reports, readiness reviews, and AT101 client engagements.
Assessing IT security policies, procedures, and controls of our clients’ business applications, networks, operating systems, and other components of their technology infrastructure.
Reviewing, documenting, evaluating and testing application controls, particularly automated controls on a wide range of ERP systems and software applications across a wide variety of client business processes.
Assisting financial audit and Sarbanes-Oxley compliance teams in the identification of control objectives and the design of control procedures to address those objectives.
Identifying internal IT controls, assessing their design and operational effectiveness, determining risk exposures and developing remediation plans.
Determining the technical and business impact of identified security and control issues and providing remediation guidance to clients.
Communicating findings and recommendations to client personnel.

Qualifications:
Bachelor's degree or equivalent
Three or more years of experience in IT audit, IT security, or other IT compliance-related work. Prior responsibilities should include performing IT risk assessments and controls reviews along with recommending, designing and advising on applicable IT controls
Security and controls experience in a widely used financial application (SAP, Oracle, JD Edwards, PeopleSoft, etc.) is preferred
Good understanding of relevant regulations and industry standards (e.g., SSAE 18/SOC 2, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, and GLBA) and best practices and methodologies to address these requirements. Ability to apply these requirements to organizational internal control frameworks
Professional certifications including Certified Information Systems Auditor® (CISA®), Certified Information Systems Security Professionals® (CISSP®); Certified Public Accountant (CPA), Certified Information Security Manager® (CISM®) and/or Certified Information Privacy Professional (CIPP)
Must be able to interpret and convey technical information to all levels of technical aptitude, including senior management. This includes written and oral communications
Ability to articulate, write and present information in a clear and understandable manner
Strong time management and organizational skills with the ability to manage multiple priorities successfully within a deadline-driven environment
Ability to travel primarily regionally