Specialist, IT Risk Management at IHS Towers

Job Type: Full-time · Associate

About the Job

• We are currently recruiting for a Specialist, IT Risk Management who will assist in promoting adherence to information risk standards and procedures which protect the company’s systems from internal and external threats.

Key Roles & Responsibilities

• Provide inputs to design of the Information Risk Management (IRM) framework. Take responsibility for maintaining the framework, including refreshing and implementing an annual program.
• Build awareness of new and evolving risks across in-scope functions and IT.
• Lead the identification of key risk indicators (KRIs) for in-scope functions based on up-to-date situational analyses and trends. Provide relevant and timely information on KRIs for effective risk oversight.
• Develop action points to ensure that KRIs which exceed thresholds are reduced to an acceptable level.
• Perform annual IT risk and audit reviews in line with the approved annual plan.
• Provide second-line security and audit assurance for continuous improvement.
• Collaborate continuously with internal audit and other key internal stakeholders as part of the overall enterprise risk management framework.
• Contribute towards establishing credible risk governance, an integrated risk management mindset, and an execution approach which appropriately prioritizes action based on business impact.
• Implement appropriate systems and processes that ensure information risks are proactively managed and undesired events (when they occur) are detected and remedied early.
• Participate in the development of risk plans and procedures, as well as organizational structures, that provide an acceptable level of assurance in IT.
• Follow up on open audit and risk items to ensure closure.
• Manage the business continuity plan (BCP) for IT. Ensure continuous and regular validation and testing of documented/ approved BCP.
• Conduct continuous risk assessments for new and existing solutions.
• Aggregate information to identify operational control weaknesses and build a risk management dashboard that is refreshed and published periodically.
• Perform gap assessments using the COBIT process assessment model and follow up to ensure timely remediation of gaps and implementation of new IT processes.
• Review policies and develop processes and procedures that provide an acceptable level of assurance.
• Perform other tasks and duties as assigned by the Manager, IT Risk & Control.

Experience & Qualifications Required

• Bachelor's Degree in Computer Science, Computer Engineering, Information Technology, or related disciplines.
• 5-6 years’ relevant work experience in Information Security, Risk Advisory, and IT Compliance.
• Professional certifications such as CISA, CRISC, ISO27001, ISO27005: Lead Risk Manager will be an asset.
• Demonstrable application of knowledge of defence in-depth, least privileges, need-to-know, separation of duties, access controls and encryption.
• Proven knowledge of risk management, information security, mobile core technologies and controls.

Organizational Competencies:

• Be Bold
• Customer Focus
• Innovation
• Integrity

Functional Competencies:

• IT Audit
• Vulnerability Management
• Business Continuity
• Risk Management
• ITIL
• ISO27001
• Problem Solving

Behavioural Competencies:

• Collaboration & Teamwork