Head, IT Security Operations & Information Risk Management at 9Mobile

Job ID: IRC4337

Job Summary

• Responsible for defining and maintaining the IT Risk Framework and its associated controls; evaluate overall information technology risk, maintain an active view on compliance, and report on the actual, mitigated and residual risk in the IT organization. 
• Liaise with all regulatory / relevant government agencies, internal and external audit/assurance providers and other parts of the business in matters related to enterprise risk.

Principal Functions
Strategic/Management:

• Develop and maintain the IT Risk Management framework by proactively developing and implementing an annual ITRM program and conduct periodic reviews to keep it current and relevant
• Provide inputs to overall IT strategy formulation, lead the strategic risk management vision for the unit and ensure strategy delivery through the application of exceptional leadership skills, network of internal and external alliances and highly developed business skills
• Responsible for ensuring that overall IT risk profile is maintained within acceptable levels inline with the risk appetite defined by the Board.

Operational:

• Accountable for IT risk management activities/issues affecting the organization and for implementing IT Risk policies, plans and procedures, and team organization to provide reasonable assurance that:
  • IT Risk is well-understood & managed and that the team is well equipped to mitigate
  • Undesired events are detected, prevented and corrected, and
  • IT risks are managed appropriately
• Lead the identification of key risk indicators (KRIs) across all information assets and functions in the department based on current situation and trends to provide relevant &timely information for effective mitigation
• Coordinate the activities of the IT Risk Council; implement the Governance, Risk & Control(GRC) program for the department
• Conduct periodic business impact and risk assessment re business continuity for critical business processes and propose recommendations for addressing gaps
• Drive and deliver effective business continuity strategies to support and, in time of disaster, recover the company's critical business functions
• Direct the continuous and regular validation and testing of documented business continuity plans
• Aggregate information to identify operational control weaknesses and build a risk management dashboard that is refreshed and published periodically
• Collaborate with assurance providers to provide an opinion on the control environment; Ensure all identified operational risks are resolved timely
• Undertake periodic appraisals, recruit, train and develop team members in conjunction with the HR team to meet the changing needs of the company
• Carry out other activities as instructed by the Chief Information Officer (CIO).

Educational Requirements

• First Degree or equivalent in Computer Science / IT, or a related or relevant discipline.
• Postgraduate and/or professional qualification in fields related to risk management will be an added advantage.
• Nine (9) to Twelve(12) years of combined Telecom/IT/IT risk advisory experience or other high-risk aware industries (e.g. financial services) in leading and high-impact role(s) with progressive levels of responsibilities
• Deep knowledge of cyber threats landscape & related defences, general information security and controls is required
• Knowledge of/familiarity with deploying global/leading IT risk management standards, control and BCM processes will be advantageous
• Sound knowledge of internal business processes, program management and the mobile telecommunications industry
• Demonstrate abroad-based operational perspective and provides solutions for all forms of business risk
• Recognized risk/control authority who can articulate risk/reward trade-offs clearly and is dynamic, proactive and decisive.
• Ability to adapt well, influence and initiate change in the organization.
• Highly developed business communications skill (verbal and written), team player, change agent, strategic and creative, and able to drive performance, risk consciousness and compliance from all areas within the company
• Ability to cope and deliver at satisfactorily high levels when under intense pressure
• Exceptional analytical, quick-learning and critical thinking skills;
• Strong influencing and change management skills.