108
Job Description
The IT Risk Manager will be responsible for identifying, assessing, and prioritizing IT risks within the Dangote Group.
Responsibilities
- Conduct objective, fact-based risk assessments on new and existing systems and share findings with all stakeholders within the information system.
- Managing IT Risk environment including related policies, standards, and processes.
- Manage the risk portfolio to include linking risk to controls, coordinating control owners to conduct RSCAs, and appropriately documenting control statements.
- Understand and provide advice on managing cybersecurity risks; collaborate with other IT professionals as needed to address new emerging threats.
- Manage the self-identified issue process; acceptance of issues; tracking SIIs and audit issues to closure.
- Develop and implement a cyber security defense strategy, including business continuity and disaster recovery procedures.
- Identify threats and conduct risk assessments to address cyber security risks.
- Work with the team to improve the security posture of the business and reduce its risk profile.
- Conduct on-site security assessments to measure the effectiveness of the third party’s current control environment.
- Knowledge and experience in information security standards. (ISO 27001, NIST, CIS, OWASP Top 10, Security Essentials).
- Maintain close working relationships with appropriate teams across and outside of IT.
- Work closely with all areas to ensure clear risk visibility with all IT staff.
- Provide Continuous Control Monitoring through Key Risk Indicators, providing challenges to KRIs.
- Establish and monitor key risk indicators and also implement corrective action plans to mitigate risks.
- Work closely with Group Risk Management, ensuring that IT risks are reported as required to the Group Risk Board Committee and aligned with risk appetite and risk tolerance levels.
- Maintain an awareness of potential Emerging Risks and ensure these are recorded, visible, and considered in all new technology initiatives and financial planning activities.
- Provide oversight of all risk events ensuring they are recorded, investigated, closed-off, or escalated as necessary.
- Promote a culture of risk Awareness within the IT department.
Qualification
- Bachelor’s Degree in Economics, Accounting, or a related discipline.
- Must have a strong technical background with at least 15 years of experience in risk management, demonstrating proven skills in IT risk and/or IT governance.
- Possession of certifications such as CRISC, CISA, CISM, CISSP, or other relevant qualifications will be beneficial.
- This position requires knowledge and expertise in Information Security GRC, including familiarity with IS027001, NIST, OWASP, and PSI-DSS.
- Desirable to know about risk management and cyber security controls, as well as experience with related tools.
- Strong policy writing experience is required.
- Must be able to effectively communicate with senior stakeholders regarding information risk.
- Ability to build relationships with stakeholders at all levels is essential.
- Capable of presenting complex information to various audiences.
- Must be able to thrive in a fast-paced environment.
- Knowledge and understanding of Privileged Access Management, Patch Management, SOC Visibility, and Business Continuity is preferred.
- Familiarity with Control/Vulnerability Assessment and Penetration Testing methodologies.
- Experience in utilizing and customizing various information security and risk management tools, including but not limited to Nessus Tenable, Acunetix, Burp Suite, Nipper Tool, and others, to detect and communicate IT risks.
- Ability to work in a cross-cultural and cross-functional environment.
- Prior experience working in the manufacturing sector is a plus.
Location: Lagos, Nigeria.
Apply: IT RISK MANAGER