Who We Are

Moniepoint is Africa’s all-in-one financial ecosystem, empowering businesses and their customers with seamless payment, banking, credit, and management tools. In 2023, we processed $182 billion and are Nigeria’s largest merchant acquirer. We are on a mission to create financial happiness for everyone, everywhere.

What We Do

At Moniepoint, we are a customer-focused community dedicated to crafting solutions that redefine our industry. We leverage artificial intelligence and data-driven best practices to support our businesses, from providing credit and overdrafts to ensuring every transaction is secure.

Curious about what makes Moniepoint an incredible place to work? Check out our stories on how we cultivate a culture of innovation, teamwork, and growth.

Role Overview

The Product Auditor provides independent assurance over the design, implementation, and operating effectiveness of product controls across payment, wallet, settlement, switches and other related products across the organisation

The role ensures that new and existing products are deployed with adequate financial, operational, security, and regulatory controls, safeguarding the organization against revenue leakage, settlement failures, regulatory breaches, and technology-driven risks.

The Product Auditor will independently evaluate product risk exposure and control maturity prior to scale.

Key Responsibilities 

Audit Universe & Risk-Based Planning

• Maintain a living Product Audit Universe covering all payment products, features, and integrations ranked by risk. 
• Own the annual Product Audit Plan, ensuring coverage is allocated dynamically based on risk ratings, product complexity, regulatory sensitivity, and change velocity.

Product Design & Control Assurance

• Review PRDs, business rules, and transaction workflows to identify logic gaps, unmitigated risk paths, and missing exception-handling routines before products reach production/go-live. 
• Analyse product path scenarios, verify Maker-Checker enforcement, and provide formal control design sign-off before any material release goes live.

Live Product Assessment ( Continuous Audit Review)

• Periodically assess live payment products to confirm they continue to operate within approved design parameters. 
• Detect configuration drift, identify silent divergence from original PRDs, and analyse live transaction data for emerging risk patterns.

Go-Live Readiness & Control Gate

• Execute mandatory pre-production Product Audit reviews as an independent control gate for all material releases. 
• Confirm reconciliation logic, exception queues, and fallback controls are tested and functional. 
• Escalate critical deficiencies with risk ratings and hold recommendations where a product is not safe to release.

Transaction Logic & Mathematical Integrity

• Interrogate the Fee Engine using SQL to mathematically prove that commissions, VAT, discounts, and splits are posted with complete precision. 
• Validate duplicate prevention mechanisms and ensure transaction integrity within complex, multi-step payment sequences, and test reversal, refund, and chargeback logic to confirm financial symmetry is maintained in every scenario.

Settlement & Ledger Integrity

• Trace fund flows, confirming continuous synchronisation between wallet sub-ledgers and the General Ledger. 
• Assess reconciliation logic for breaks and evaluate the authorisation, documentation, and reversibility of manual settlement overrides.

Product Change & Configuration Integrity

• Confirm that all product modifications: fee tables, routing rules, limit parameters passed through an approved change management cycle. 
• Identify silent changes made outside formal release processes and audit the integrity of product master data to ensure it is access-controlled, version-tracked, and consistent with approved product terms.

Vendor & Third-Party Product Risk

• Assess controls over vendor-managed product components, evaluate SLA performance against contractual commitments, and identify single-vendor dependency risks within critical payment flows. 
• Evaluate the organisation's ability to detect unilateral changes in third-party API behaviour, fee logic, or settlement processes.

Control Advisory & Stakeholder Engagement

• Engage product and engineering teams early in the design cycle to provide informal control advisory, reducing findings at the formal review stage without compromising independence. 
• Participate in design reviews and architecture discussions, and build a control-by-design culture across product teams. 

Incident Review, RCA & Regulatory Alignment

• Lead post-incident reviews for product failures,producing structured RCA reports that identify underlying logic failures, not just surface symptoms. 
• Assess corrective actions for adequacy and track findings to verify closure. 
• Ensure product logic complies with CBN guidelines, PCI DSS, and consumer protection obligations at the design level, and evaluate the regulatory impact of new features before release.

Reporting & Governance

• Prepare risk-rated audit reports for Executive Management and the Audit Committee, leading with findings, financial impact, and required action. 
• Maintain a Product Risk Register, deliver quarterly control maturity updates, and ensure governance bodies are never surprised by a product failure that was visible at the design or portfolio review stage.

Required Knowledge & Skills 

Technical Skills

• Advanced SQL for independent data extraction and transaction interrogation
• Payment systems architecture : Wallets, card processing, direct debit, settlement, and reconciliation
• API and integration literacy (Basic)
• End-to-end transaction lifecycle knowledge: Authorisation, posting, clearing, settlement, and exception handling
• PRD and process flow analysis: translating product documentation into control flowcharts
• Mathematical precision: fee calculations, interest computations, and split payment structures
• Pattern recognition: detecting anomalies, outliers, and irregularities in large transaction datasets

Audit & Risk Skills

• Risk-based audit methodology: IIA Standards and COSO framework applied to financial products.
• Control design logic and evaluation
• Root cause analysis
• Regulatory knowledge: CBN payment system regulations, PCI DSS, NDPR,Nigerian consumer protection obligations etc

Interpersonal & Professional Skills

• Stakeholder engagement
• Professional scepticism and independence
• Risk-rated report writing

Tools & Platforms

• SQL (PostgreSQL / MySQL / MSSQL)
• AdvancedExcel / Google Sheets
• Claude / AI Tools

Qualifications

• Education: Bachelor’s degree in Computer Science, Engineering, Mathematics, Finance, or a related quantitative discipline
• Experience: 3–5+ years in Product Audit, Systems Audit, Financial Data Analytics, or Payment Operations within a fintech or financial services environment
• Certifications: CISA, CIA, or CFE preferred. ACA / ACCA is acceptable when combined with strong technical product experience and data analytics.
• Sector Knowledge: Demonstrated hands-on familiarity with payment product architecture, wallet systems, and regulated payment flows in a Nigerian or comparable market context.

What We Offer You

• Culture: We put our people first and prioritize the well-being of every team member. We’re human, we listen, and we look out for one another.
• Learning: We’re big on growth. You’ll find an environment focused on knowledge sharing, training, and helping you reach your potential.
• Compensation: You’ll receive an attractive salary, pension, health insurance, and an annual bonus, along with other great benefits.

What to Expect in the Hiring Process

1. A preliminary phone call with our recruiter.
2. An interview with the hiring team.
3. A final conversation with a member of our executive team.

Moniepoint Inc. is an equal-opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees and candidates.

Who we are

Moniepoint is a financial technology company digitising Africa’s real economy by building a financial ecosystem for businesses, providing them with all the payment, banking, credit and business management tools they need to succeed. 

About the role

Location: Remote (Full-time)

How Will You Create Impact?

• Develop and implement the annual ITGC and ITACs internal control assessments plan across all IT and cybersecurity domains, ensuring alignment with the COSO framework , relevant ISO standards and the standard Moniepoint MFB business requirements.
• Plan and execute internal control assessments to establish the adequacy and effectiveness of information systems and critical infrastructure within Moniepoint MFB and to determine whether information systems are protected, controlled, and meet the intended functional design of business models defined in BRD/PRD.
• Assess the IT and Cybersecurity risk ownership and their related risk registers to determine whether the risk universe has been sufficiently captured and mitigating controls adequately designed and operated
• Assess the monitoring and reporting of IT and CyberSecurity key performance indicators (KPI/OKRs) and the IT/CyberSecurity key risk indicators (KPIs), incorporating metrics relevant to the effectiveness of controls.
• Assess and report on Moniepoint MFB’s ability to continue business operations, storage, back-up, and restoration policies and processes for effectiveness and resilience.
• Assess logical, physical, and environmental controls within Moniepoint MFB to verify the confidentiality, integrity, and availability of information assets
• Assess controls at all stages of the information systems development life cycle.
• Assess the governance around information systems for gaps in implementation and change management.
• Assess the level of post-implementation reviews on systems in place to determine whether project deliverables, controls, and requirements are met.
• Assess Moniepoint MFB’s database management practices, data governance program, and privacy program.
• Assess data classification practices for alignment with the Moniepoint MFB data governance program, privacy program, and applicable external requirements.
• Assess Moniepoint MFB’s problem and incident management program.
• Assess Moniepoint MFB’s change, configuration, release, and patch management programs, evaluating their effectiveness in mitigating vulnerabilities.
• Assess Moniepoint MFB’s log management program, testing and reporting on its role in detective controls.
• Assess IT strategy, governance, and organizational structure for alignment with the enterprise risk management posture of Moniepoint MFB, integrating principles from ISO 31000.
• Oversee the communication and collection of feedback on controls design and operational effectiveness tests, general control assessment findings and recommendations with stakeholders within Moniepoint MFB, ensuring clear and timely information exchange.
• Develop and manage the control deficiency remediation dashboard for follow-up and closure of open findings from control assessment, internal audit, and any external examination and assessment for each SBU and specific core units within Moniepoint MFB.
• Oversee the conduct of post-review follow-up assessments to evaluate whether all identified open findings from all assessments have been sufficiently mitigated.
• Carry out any other task, as might be assigned or becomes necessary to improve the information system security posture and the internal control maturity model of Moniepoint MFB, with a continuous focus on the principles of the COSO framework and the specified ISO standards.

Skills and Qualifications

• Educational Background: A Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
• Certifications: Relevant professional certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Security Professional), or others related to IT audit, cybersecurity, or risk management.
• Experience: Proven experience in IT internal control assessments, IT auditing, or a related field, with a strong understanding of IT General Controls (ITGC) and IT Application Controls (ITACs). Experience in the banking or financial services sector is often preferred.
• Framework and Standard Knowledge: In-depth knowledge and practical experience with the COSO internal control framework and relevant ISO standards, including ISO 31000 (Risk Management), ISO 27001 (Information Security), ISO 22301 (Business Continuity), ISO 37301 (Compliance Management), and ISO 9001:2015 (Quality Management System).
• Technical Understanding: A solid understanding of information systems, critical infrastructure, cybersecurity domains  and the information systems development life cycle.
• Assessment Skills: Strong planning and execution skills for conducting internal control assessments, including design and operations effectiveness testing.
• Risk Management: Experience in assessing IT and CyberSec risk ownership, risk registers, and integrating principles from ISO 31000.
• Communication: Excellent written and verbal communication skills to effectively communicate assessment findings, results, and recommendations to stakeholders at various levels.
• Analytical Skills: Strong analytical and problem-solving skills to identify control deficiencies, assess their impact, and develop remediation plans.
• Organizational Skills: Excellent organizational and time management skills to manage multiple assessments, remediation efforts, and reporting requirements.
• Attention to Detail: Meticulous attention to detail to ensure accuracy in assessments, documentation, and reporting.
• Integrity and Professionalism: High level of integrity and professionalism in handling sensitive information and maintaining objectivity in assessments.

What to expect in the hiring process

• A preliminary phone call with the recruiter 
• A Panel Interview
• A case study assessment
• A behavioural and technical interview with a member of the Executive team.

Moniepoint is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees and candidates.