IT General Control Officer

Who we are

Moniepoint is a financial technology company digitising Africa’s real economy by building a financial ecosystem for businesses, providing them with all the payment, banking, credit and business management tools they need to succeed. 

About the role

Location: Remote (Full-time)

The IT General and Application Control Manager is a critical role responsible for developing and implementing internal control assessments across all IT and cybersecurity domains within Moniepoint MFB. This position focuses on ensuring the adequacy and effectiveness of information systems and critical infrastructure, verifying that they are protected, controlled, and aligned with business models. The manager will assess IT strategy, governance, and organizational structure, oversee communication of assessment findings, manage control deficiency remediation, and conduct follow-up assessments. A key aspect of the role involves assessing risk ownership and risk registers, monitoring KPIs and KRIs, and evaluating business continuity and information asset protection. The position requires a deep understanding of internal control frameworks, particularly COSO, and relevant ISO standards (ISO 31000, ISO 27001, ISO 22301, ISO 37301, ISO 9001:2015), with a specific focus on testing and reporting on control effectiveness.

How Will You Create Impact?

• Develop and implement the annual ITGC and ITACs internal control assessments plan across all IT and cybersecurity domains, ensuring alignment with the COSO framework , relevant ISO standards and the standard Moniepoint MFB business requirements.
• Plan and execute internal control assessments to establish the adequacy and effectiveness of information systems and critical infrastructure within Moniepoint MFB and to determine whether information systems are protected, controlled, and meet the intended functional design of business models defined in BRD/PRD.
• Assess the IT and Cybersecurity risk ownership and their related risk registers to determine whether the risk universe has been sufficiently captured and mitigating controls adequately designed and operated
• Assess the monitoring and reporting of IT and CyberSecurity key performance indicators (KPI/OKRs) and the IT/CyberSecurity key risk indicators (KPIs), incorporating metrics relevant to the effectiveness of controls.
• Assess and report on Moniepoint MFB’s ability to continue business operations, storage, back-up, and restoration policies and processes for effectiveness and resilience.
• Assess logical, physical, and environmental controls within Moniepoint MFB to verify the confidentiality, integrity, and availability of information assets
• Assess controls at all stages of the information systems development life cycle.
• Assess the governance around information systems for gaps in implementation and change management.
• Assess the level of post-implementation reviews on systems in place to determine whether project deliverables, controls, and requirements are met.
• Assess Moniepoint MFB’s database management practices, data governance program, and privacy program.
• Assess data classification practices for alignment with the Moniepoint MFB data governance program, privacy program, and applicable external requirements.
• Assess Moniepoint MFB’s problem and incident management program.
• Assess Moniepoint MFB’s change, configuration, release, and patch management programs, evaluating their effectiveness in mitigating vulnerabilities.
• Assess Moniepoint MFB’s log management program, testing and reporting on its role in detective controls.
• Assess IT strategy, governance, and organizational structure for alignment with the enterprise risk management posture of Moniepoint MFB, integrating principles from ISO 31000.
• Oversee the communication and collection of feedback on controls design and operational effectiveness tests, general control assessment findings and recommendations with stakeholders within Moniepoint MFB, ensuring clear and timely information exchange.
• Develop and manage the control deficiency remediation dashboard for follow-up and closure of open findings from control assessment, internal audit, and any external examination and assessment for each SBU and specific core units within Moniepoint MFB.
• Oversee the conduct of post-review follow-up assessments to evaluate whether all identified open findings from all assessments have been sufficiently mitigated.
• Carry out any other task, as might be assigned or becomes necessary to improve the information system security posture and the internal control maturity model of Moniepoint MFB, with a continuous focus on the principles of the COSO framework and the specified ISO standards.

Skills and Qualifications

• Educational Background: A Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
• Certifications: Relevant professional certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Security Professional), or others related to IT audit, cybersecurity, or risk management.
• Experience: Proven experience in IT internal control assessments, IT auditing, or a related field, with a strong understanding of IT General Controls (ITGC) and IT Application Controls (ITACs). Experience in the banking or financial services sector is often preferred.
• Framework and Standard Knowledge: In-depth knowledge and practical experience with the COSO internal control framework and relevant ISO standards, including ISO 31000 (Risk Management), ISO 27001 (Information Security), ISO 22301 (Business Continuity), ISO 37301 (Compliance Management), and ISO 9001:2015 (Quality Management System).
• Technical Understanding: A solid understanding of information systems, critical infrastructure, cybersecurity domains  and the information systems development life cycle.
• Assessment Skills: Strong planning and execution skills for conducting internal control assessments, including design and operations effectiveness testing.
• Risk Management: Experience in assessing IT and CyberSec risk ownership, risk registers, and integrating principles from ISO 31000.
• Communication: Excellent written and verbal communication skills to effectively communicate assessment findings, results, and recommendations to stakeholders at various levels.
• Analytical Skills: Strong analytical and problem-solving skills to identify control deficiencies, assess their impact, and develop remediation plans.
• Organizational Skills: Excellent organizational and time management skills to manage multiple assessments, remediation efforts, and reporting requirements.
• Attention to Detail: Meticulous attention to detail to ensure accuracy in assessments, documentation, and reporting.
• Integrity and Professionalism: High level of integrity and professionalism in handling sensitive information and maintaining objectivity in assessments.

What to expect in the hiring process

• A preliminary phone call with the recruiter 
• A Panel Interview
• A case study assessment
• A behavioural and technical interview with a member of the Executive team.

Moniepoint is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees and candidates.