So, obviously, we can't give you an actual peek behind the curtain for -privacy reasons -but here's a bit of context: in today’s data-driven world, our digital footprints are everywhere, and safeguarding that information has never been more critical. Financial institutions, in particular, are heavily regulated because they handle some of the most sensitive data out there. But who actually ensures that companies are keeping our information safe?

This is where an IT & Data Privacy Auditor comes to play  —a role you probably don’t hear about as much as finance auditors but is equally essential. This time, I sat down with Moniepoint’s digital gatekeeper, Abdulganeey, to get a closer look at how he protects our systems from the inside out.

Here’s how my conversation with Abdulganeey went: 

How would you explain what you do to a layman? 

Imagine going to a Moniepoint business with your ATM card to make a payment. You see the business owner using a small terminal to help you with your transaction, but there’s a lot more happening behind that terminal than meets the eye. That’s where technology comes in: the behind-the-scenes work ensures your transaction is secure, fast, and compliant with regulations.

Simply put, a series of “services” (or checks) happen in the background when you hand over your card. For example, once you enter your PIN, there’s a process to verify it’s correct before the transaction can proceed. Think of it as different “checks” or “approvals” happening in a split second to ensure everything is working securely and accurately.

My role is to ensure that all these technological systems and services operate securely, meet regulatory standards, and protect user data. For instance, when people use Moniepoint, they share sensitive information like card details and PINs. So, we follow rules like PCI DSS (for card transaction security), ISO standards (for general tech security), CBN regulations (from Nigeria’s Central Bank), and Nigerian data privacy laws. Each of these is a set of rules that help protect the data and keep everything running smoothly.

Finally, I also help ensure that only the right Moniepoint staff can access certain parts of the system. For example, if someone only needs to view information, they shouldn’t have permission to make changes or access other sensitive parts of the system. It’s about keeping things secure and organised to protect the technology and customer data as best as possible.

So, what’s the coolest part of being an IT & Data Privacy Auditor? 

What is the coolest part of being an IT and data Privacy Auditor? Honestly, it's the respect and authority that come with the role. You know, when people hear “auditor,” it can be a bit intimidating. But there’s also a certain respect tied to it. Because of my role, I can approach anyone in the organisation to ask for the information I need, and by virtue of what we call the audit charter, they have to provide it. 

The audit charter is essentially a document that allows auditors to request information whenever necessary. So, in a way, it’s a bit of a “flex.” I can simply say, “I need this information,” and they’re obliged to help. It’s an interesting aspect of the role because it ensures we have access to everything we need to keep systems secure and compliant, and no one can turn down an audit request!

Oh wow! But are there times when you feel people don’t understand the importance of what you do? 

Honestly, data privacy is the part of my role that often feels most overlooked. I've had discussions with colleagues, especially those in operations, who don’t fully grasp its importance. 

Here’s a simple example to illustrate it: when you apply for a job, you’re considered a "data subject.” This means you have significant rights over how your data is handled, though many people don’t realise just how much control they have. 

For instance, as a data subject, you could ask the employer to avoid using automated systems to review your application and request manual processing instead. If they disregard this and still use automation, you’d have grounds to take legal action and likely win. 

This example highlights the power of consent, an aspect of data privacy that often gets underestimated. Whenever someone shares personal information, they should be asked for consent, clarifying who can access or process it and under what conditions. However, many people don’t realise these rights, which is why data privacy deserves more attention and respect.

Before processing anyone’s data, we usually look out for key factors like consent, legitimate interest, public interest, performance of contract, legal obligation, and vital interest. A practical example of us at Moniepoint is our careers page. If you apply for a job on the careers page, you will see the “GDPR consent.” This allows Moniepoint to use the applicants' data for recruitment purposes. 

Talking about Moniepoint and being compliant, we also ensure that we have all the needed certifications such as the Nigerian Data Protection Commission (NDPC) certification and ISO certifications. This shows that we are consistently vigilant about our data privacy practices. 

Interesting. I know that you collaborate extensively with various teams, so what teams/departments are your “go-to partner in crime” for keeping data secure?

In my role, I collaborate closely with several core departments to effectively address data privacy and security issues. My go-to partners for fighting data breaches are primarily the Operations team, which includes the Network and Infrastructure team, and the Information Security team. They play a critical role in implementing security measures and maintaining the integrity of our systems.

I also frequently work with the Compliance team to ensure we adhere to all relevant regulations and standards. Legal is another important department, especially when we need to discuss Service Level Agreements (SLAs) and the legal implications of data handling. Additionally, I engage with the People Operations team to address controls from a staff perspective.

While I often interact with these teams, note that there's no department we don’t collaborate with in some capacity. However, the frequency and depth of collaboration are strongest with the teams I mentioned, particularly when it comes to proactively preventing data breaches and ensuring the security of our systems.

Let’s talk about our customers. How would you say your work helps our customers sleep better at night? 

My work directly contributes to our customers' peace of mind by ensuring their personal information is handled with the utmost care and security. In the financial sector, we often collect sensitive data, including customers’ dates of birth, home addresses, BVN, and NIN, so implementing robust controls is essential.

One of the key processes we have in place is user access review. This involves evaluating which staff members have access to sensitive customer information and to what extent. By examining their roles against the permissions they hold, we can determine if their access is appropriate. This role-based access control helps us restrict access to sensitive data only to those who truly need it for their job functions. 

By taking these measures, we not only safeguard our systems but also reassure our customers that their data is not just collected but protected. This level of diligence in data management helps instil confidence in our customers, allowing them to have peace of mind knowing that we are committed to preventing any misuse of their information.

To wrap up, if your life were to be a spy movie what movie would it be? Or if your life were to have a theme song, what would it be? 

If my life were to be a spy movie, it would resemble Captain America. Just like Captain America, my job revolves around security and protecting people. He’s always looking out for others and ensuring their safety, which aligns closely with my role in IT and data privacy.

As for a theme song, I'm having a bit of trouble recalling specific security-related songs, but I think something that embodies protection and vigilance would fit perfectly. It’s a tough call, but any song that highlights themes of heroism and safeguarding others would resonate with my mission in my work.

Away from work now, when you’re not fighting data breaches, how do you unwind? 

When I'm not busy fighting data breaches, I usually unwind by sticking to my phone. I have a keen interest in technology news, especially developments in artificial intelligence, which I find particularly exciting. I make an effort to stay updated on what's happening in the tech world and in Nigeria, even though I'm not always that interested in local news.

I also enjoy playing games, although I tend to get tired of them quickly. Overall, I find that keeping connected with technology helps me relax and stay engaged with my interests outside of work.

Thank you Abdulganeey! This was a delightful conversation!

If you'd like an actual peek behind our curtains, visit our careers page to join us!