We are currently recruiting for a Manager, IT Risk & Control. In this role, you will be responsible for establishing an acceptable IT risk profile for the business and promoting adherence to information risk standards and procedures aimed at protecting the company’s systems from internal and external threats while ensuring that end-to-end security (frontline to back-end/data centre) is maintained.
Key Roles & Responsibilities
- Drive second-line IT Control reviews across Applications, Infrastructure and Network Operations Centre (NOC).
- Conduct regular SOX testing across application, database and operating system.
- Build awareness of new and evolving IT risks across the business and implement appropriate systems and processes which ensure that information risks are detected early and proactively managed with timely remediation when undesired events occur.
- Contribute towards establishing credible risk governance, promoting an integrated risk management mindset at all levels, and promoting an execution approach which appropriately prioritizes actions based on business impact.
- Interface with internal and external auditors and drive remediation of all gaps identified during audit.
- Manage testing of all CUEC in line with SOC report requirements.
- Manage the monthly user access review across 10 operating countries.
- Manage and ensure applicable national laws that concern IT are identified and adhered to.
- Lead the identification of Key Risk Indicators (KRIs) across the business based on up-to-date situational analyses and trends and drive effective risk oversight by providing timely and relevant information on KRIs.
- Coordinate and manage the annual IT Risk assessment in line with the company’s Risk assessment methodology.
- Plan and execute quarterly IT General Control (ITGC) audits, complete with detailed findings and remediation follow-ups.
- Liaise with Enterprise Risk, Internal Audit, and other relevant functions across the business to ensure that all risk registers and compliance-related documentation are up to date in line with the overall enterprise risk management approach.
- Conduct continuous risk assessments and business impact analyses for new and existing solutions.
- Stay informed of all IT risks before they are highlighted by Audit or 3rd-parties. Ensure closure of open audit items. Aggregate information to identify operational control weaknesses and build a risk management dashboard that is refreshed and published periodically.
- Identify potential threats to the confidentiality, integrity, and availability of the company’s systems and network.
- Identify and architect appropriate security technologies based on risks, policies and architecture. Support IT Architecture Review process and evaluate associated security of the proposed architectures.
- Perform other tasks and duties as assigned by the Associate Director, IT Governance, Risk & Control.
Experience & Qualifications Required
- Bachelor’s and/or Advanced degree in Computer Science or any related disciplines.
- +9-10 years’ relevant experience in IT Control, Information Security, IT Audit and Risk.
- Professional certification: CISA, ISO27001:LA, ISO27005 Lead Risk Manager.
- Prior experience working with a “Big 4” professional services firm will be an asset.
- Hands-on experience in Control review, VPN, Windows server, Linux server, MPLS, RMS.
- Demonstrable experience with change management, user access management, segregation of duties matrix, and incident response.
- Thorough understanding of the latest security principles, techniques, and protocols.
- Hands-on experience in security systems review, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
- Demonstrable experience with network security and networking technologies as well as with systems, security, and network monitoring tools.
- Demonstrable familiarity with web-related technologies (web applications, web services, service-oriented architectures), and network/web-related protocols.
- Be Bold
- Customer Focus
- IT Security Administration
- IT Policies, Procedures & Standards
- IT Operations
- Incident Management
- SOX Compliance
- Risk Assessments
- Security Assessments
- Security Monitoring & Reporting
- Continuity & Disaster Recovery
- Business Communication
- Analytical Thinking
- Continuous Learning
- Collaboration & Teamwork
Method of Application
Interested and qualified? Go to IHS Towers on www.linkedin.com to apply