Newsletter

Connect

DUTIES/RESPONSIBILITIES:

Assess the adequacy of IT governance structures and alignment with PFA strategic objectives.
Identify key IT risks and evaluate associated controls across applications, infrastructure, cybersecurity, and data management.
Conduct periodic IT risk assessments and recommend mitigation measures.

Application & Systems Audit

Review core pension administration systems (e.g., contributions processing, RSA management, benefits administration).
Assess controls around system configuration, logical access, change management, and data integrity.
Validate automated controls and ensure system processes comply with PenCom regulations and internal policies.

3. IT General Controls (ITGC) Review

· Evaluate IT general controls across:

o Access Control (user access, password policies, privileged access).

o Change Management (system updates, patches, migration controls).

o Backup & Recovery (DR sites, redundancy, data availability).

o Operations Management (job scheduling, incident management).

· Assess third-party service providers and outsourced technology functions.

4. Cybersecurity & Data Protection Compliance

· Review network security controls, endpoint protection, firewall rules, and vulnerability management.

· Assess adherence to NDPR/NDPC data privacy requirements.

· Evaluate the PFA’s cybersecurity framework for resilience against threats.

5. Business Continuity & Disaster Recovery

· Review of the adequacy of Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP).

· Participate in DR drills and assess gaps in recovery processes.

6. Audit Execution & Reporting

· Develop IT audit programs and execute audits in line with the annual audit plan.

· Document audit findings, root causes, and risk implications.

· Prepare and present clear audit reports with actionable recommendations.

· Monitor remediation of IT audit issues and track compliance.

7. Collaboration & Advisory

· Provide advisory support on new systems implementation, upgrades, and technology-driven projects.

· Work with Internal Control, Risk Management, ICT, and Compliance teams to strengthen the control environment.