Manager, Audit Risk & Compliance at MTN Nigeria

Job Description

• Responsible for the definition of MTN Nigeria information security policy, embedding security policy into operation and leading security risk assessment efforts and associated controls & reporting in line with the Group policies.
• Drive effective coordination and closure of all IS compliance activities, including control tracking and actual submissions for closure.
• Support the Shareholder return strategy by developing and implementing Information Systems Processes that are aligned to achieving all elements on the business score card.
• Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope
• Maintain effective working relationships with internal and external suppliers.
• Serve as liaison to auditors, consultants, and the bank Compliance Committee regarding documentation and review of information compliance
• Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.
• Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
• Provide information systems control status reporting to relevant stakeholders to enable informed decision making.
• Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy
• Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
• Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
• Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
• Create and maintain a risk register to ensure that all identified risk factors are accounted for.
• Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
• Analyze risk scenarios to determine their impact on business objectives.
• Develop an information security strategy aligned with business goals and objectives and ensure aligning of information security strategy to corporate governance
• Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
• Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment
• Interview process owners and review process design documentation to gain an understanding of the business process objectives.
• Analyze and document business process objectives and design to identify required information systems controls.
• Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
• Ensure all controls are assigned control owners to establish accountability and establish control criteria to enable control life cycle management
• Establish internal and external reporting and communication channels that support information security
• Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
• Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.
• Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
• Identify and evaluate risk response options and provide management with information to enable risk response decisions.
• Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy
• Monitor and maintain information systems controls to ensure they function effectively and efficiently.
• Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems
• Ensure that all IT policies and procedures are compliant with regulatory requirements
• Assess and recommend tools and techniques to automate information systems control verification processes.
• Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.
• Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated
• Test information systems controls to verify effectiveness and efficiency prior to implementation and Implement information systems controls to mitigate risk
• Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively. • Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements
• Serve the Division’s internal customers and provide solutions to improve the customer experience.
• Drive planned strategy for the successful delivery of MTN Group and MTNN transformation initiatives focusing on Customer centricity, including Perfect 10 Project.
• Drive an increase in MTNN’s Net Promoter Score.
• Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.
• Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
• Communicate audit and review results to appropriate parties and ensure that issues are addressed and corrective actions are implemented
• Continuously seek self-professional development to sharpen skills and capabilities in a versatile and evolving digital landscape.
• Coach and train the team to ensure understanding of the objectives and goals of the department, awareness of set targets/requirements and regularly review their training needs.
• Provide documentation and training to ensure information systems controls are effectively performed.

Job Conditions:

• General working conditions.
• May be required to work extra hours.

Experience & Training
Experience:

• Minimum 6 years’ experience which includes:
  • Minimum of 3 years’ experience in an area of specialisation; with experience in supervising/managing others
  • Experience working in a medium to large organization
  • Interpretation and application of governance, risk and compliance frameworks
  • Advanced knowledge of risk assessment design and delivery
  • In-depth understanding of PCI, ISO31000, ISO 27001:2013

Training:

• Emerging Enterprise Architectures
• ISO
• CISSP
• CISM

Minimum Qualification

• BEng, BTech, BA, BEd or HND.