
JOB DESCRIPTION
Created: Aug 2012
Reviewed: April 2013

Job title: Network and IT Systems Security Control
Function: Internal Control
Sub Function: IS Control
Grade: 3C
Report to (1): Head, Internal Control
Report to (2): IS Control, Group Internal Control

II. JOB PURPOSE

To provide assurance that controls are in existence and functioning effectively. Responsible for ensuring that the eProcess Int. S.A. IS Control environment is secure and that risks to it are identified quickly and managed accordingly.

III. JOB PRINCIPAL ACCOUNTABILITIES

- Develop and maintain the Information Security Assurance program and checklist for network and IT security in line with international standards and new technology developments.
- Identify network incidents, establish their root causes and ensure appropriate action is taken to mitigate these risks.
- Identify IT security risks and ensure appropriate action is taken to mitigate these risks.
- Conduct periodic reviews of all communications nodes including but not limited to routers, switches, firewalls and other communication gadgets.
- Develop metrics for and communicate key indicators of malicious activities on a regular basis.
- Ensure network sensors are tuned appropriately to detect and generate alerts on suspicious activities.
- Ensure all logs generated by the TACACS+ system are stored in a central repository and reviewed periodically.
- Ensure the network system is consistently and periodically monitored for breaches and that the data gathered is robust enough to support the prosecution of cyber criminals.
- Ensure a centralized logging and auditing system is in place for all network devices and that generated logs are reviewed on a regular basis.
- Provide regular and relevant information/reports on incidents captured in logs generated by the log monitoring platforms to the Head of Internal Control.
- Ensure all penetration tests and vulnerability scans are performed in a controlled and safe manner.
- Ensure there are continuous assessment and improvement processes in place concerning all security engineering activities/projects.
- Monitor computer networks/devices for security threats or unauthorized users and ensure compromised machines are reported and measures taken to address threats.
- Monitor and analyze perimeter security systems such as firewalls, routers, VPNs (including IPSEC), Cisco CSS content switches, IDSs, and other load balancers.
- Perform analysis of network security needs and contribute to the design of network architecture.
- Respond to all system security vulnerabilities and partner with other teams and third-party vendors to resolve security issues.
- Assist in the evaluation of evidence gathered as a result of security breaches and ensure that remediation activities are adequate.
- Evaluate and analyze the effect of all changes to network configurations and architecture as well as security devices.
- Review and evaluate the deployment of new technology products/services and their associated risks.
- Periodically evaluate network and IT security projects to determine if they are performing in compliance with Management policies, procedures, goals and objectives, and review effectiveness in the accomplishment of objectives and goals established for each project.
- Ensure resolution of all Audit and Internal Control exceptions by responsible officers, with particular emphasis on network and IT security issues.
- Build and maintain key relationships with stakeholders, establishing a culture of engagement while adding value.
- Partner with team members within eProcess Internal Control to ensure that eProcess Internal Control is functional and fully visible.
- Contribute to a business climate and culture that encourages integrity, respect, excellence and innovation.
- Carry out ad hoc reviews and monitor and escalate key risk issues.
- Contribute to and participate in enterprise-wide team initiatives with colleagues to share real-time information, establish best practices, identify risks, and refine processes.
- Serve as a Subject Matter Expert on all security and network issues for the eProcess Internal Control department.
- Conduct regular security reviews and present status reports to the Head of Internal Control.
- Perform other tasks that may be assigned by the Group Manager Information Systems Control.

IV. JOB CONTEXT

CONTROL ASSURANCE
- Continuously review Audit and Internal Control exceptions and ensure these are resolved promptly.
- Work with business units for risk identification and continuously review existing controls.
- Provide reasonable assurance that controls are in place and working effectively.

COMPLIANCE
- Adherence to all Ecobank Group Policies and Procedures.
- Ensure timely reporting to the Head of Internal Control on a monthly basis and on an ad hoc basis as and when required.
- Ensure timely reporting to Group Office on a monthly basis and on an ad hoc basis as and when required.

HUMAN RESOURCES
- Manage self to ensure team back-up and continuity during vacation/absences.
- Pursue professional development opportunities, including internal and external training and professional association memberships, and share information gained with team members.

V. JOB DIMENSION

- Interact with all levels of staff, giving feedback on risk and control issues identified during reviews.
- Liaise with Functional Heads on risk and control issues affecting their respective areas.
- Escalate risk and control issues and concerns to the Head of Internal Control.

VI. JOB SKILLS/EXPERIENCE

Experience
years or more experience and skill set in the following areas:
- Security Policy Design and Troubleshooting, Infrastructure Design and Analysis
- Knowledge in Identity Management, Firewalls Security Reviews
- IT Security Framework Design and Implementation
- Understanding of Risk Assessment Tools and Methodology
- Proficiency in the use of database query tools and analysis. Some programming and/or advanced database skills required
- Understanding of change and service management
- Use of Information System audit tools and mechanisms
- Experienced in access control mechanisms and management
- Working knowledge in encryption methodologies and standards
- Risk management and banking internal controls
- Proven history of good planning
- Process management and the ability to run several projects independently
- Knowledge in project controls, monitoring and management
- Extensive knowledge in Information Systems, Systems Architecture, Network Security and Corporate Governance audits
- Extensive experience in implementation of the COSO and COBIT frameworks, auditing of General Computing Controls (GCC)
- Experience finding creative and effective Design Effectiveness (DE) as well as Operating Effectiveness (OE)

Extensive knowledge of the following tools and applications:
- IP Packet Analysis - Ethereal, tcpdump
- Intrusion Detection - Snort/ACID, TippingPoint/CISCO
- Penetration Testing - Nessus/Nmap
- Cisco IOS Configuration (Netflow, ACLs, TAC+/Tacacs)
- Firewall Administration and Review
- VPN Administration and Review
- Cisco MARS Administration

Education
- University Degree in Computer Science/Engineering
- Equivalent professional qualification in Information Systems Security and/or Audit - CISA/CISSP
- Equivalent professional qualification in Project Management - PMP/PRINCE2
- Equivalent professional qualification in Service Management - ITIL

Personal attributes
Analytical, organized, responsive individual who would not compromise on breaches of controls. Strong interpersonal skills will ensure effectiveness in implementing new policies.

VII. APPROVAL

Employee (Name, Job title & Signature): Network and IT Systems Security Control
Supervisor (Name, Job title & Signature): Kweku MILLS, Head, Internal Control
Country HR Head (Name, Job title & Signature): Rachel TCHIBOZO-DAGNON, Head, Human Resources, eProcess Int. S.A.

Warning
The use of this title does not indicate any limitation on your duties or job function, and you may be assigned to different duties or asked to carry out additional duties from time to time.
