Team Lead, Information Security and IT Risk Management at ARM Hold Co.

Location: Ikoyi, Lagos

Job Objective(s)

• Responsible for managing the IT Risk function through the identification of potential vulnerabilities and gaps in security controls, and recommendation / implementation of appropriate information security requirements, policies, practices, and standards across the organization to ensure confidentiality, integrity and availability of organizational data.

Duties and Responsibilities

• Stakeholder Management: Proactively seek to build mutually beneficial, and trusting relationships with internal stakeholders - especially client functions, and understand their risk landscape, with the aim of delivering operational impact.
• IT Risk Management Framework: Maintains and enforces the system risk management and information security risk management framework/methodology.
• Develop IT Risk Metrics: Design relevant risk metrics to enable senior management to make risk based decisions and assist with the development and management of policies, standards, guidelines and training.
• Coordinate IT Risk Assessments: Manage or coordinate activities supporting enterprise-wide IT technology audits and risk assessments. This includes periodic control testing efforts, as well as working with internal and external auditors.
• Manage User Access Rights: Conducts user access audits to ensure compliance with role based access and segregation of duties.
• IT Risk Policies: Monitors compliance with information security policies. Effectively communicates and reports violations, conflicts and concerns to senior management. The Position Holder is also responsible for the development of organization-wide information security compliance policies in line with regulatory requirements.
• Vendor Management: Develop information security risk assessment review as part of the contract renewal process for vendors, and coordinates the risk assessment & information security review for all new vendors.
• Cyber Security: Performs procedures to ensure the security of information systems assets and to protect them against intentional or inadvertent access or destruction. Responsible for developing an Incident Response Management Plan and training Incident Response Team. The Position Holder is also responsible for managing action plans in response to information security risk assessment, tracks status and reports to Senior IT Management.
• Support Team’s Development: Provide advice, guidance and assistance to less experienced colleagues as required.

Requirements

• Minimum of 9 years of work experience
• Bachelor's Degree from an accredited university
• Professional certification in IT risk from a recognized professional body (e.g. CISA, CISSP, CGRISC e.t.c).