Latest Vacancies at IHS Towers

About the Job

• We are currently recruiting for a Specialist, IT Risk Management who will assist in promoting adherence to information risk standards and procedures which protect the company’s systems from internal and external threats.

Key Roles & Responsibilities

• Provide inputs to design of the Information Risk Management (IRM) framework. Take responsibility for maintaining the framework, including refreshing and implementing an annual program.
• Build awareness of new and evolving risks across in-scope functions and IT.
• Lead the identification of key risk indicators (KRIs) for in-scope functions based on up-to-date situational analyses and trends. Provide relevant and timely information on KRIs for effective risk oversight.
• Develop action points to ensure that KRIs which exceed thresholds are reduced to an acceptable level.
• Perform annual IT risk and audit reviews in line with the approved annual plan.
• Provide second-line security and audit assurance for continuous improvement.
• Collaborate continuously with internal audit and other key internal stakeholders as part of the overall enterprise risk management framework.
• Contribute towards establishing credible risk governance, an integrated risk management mindset, and an execution approach which appropriately prioritizes action based on business impact.
• Implement appropriate systems and processes that ensure information risks are proactively managed and undesired events (when they occur) are detected and remedied early.
• Participate in the development of risk plans and procedures, as well as organizational structures, that provide an acceptable level of assurance in IT.
• Follow up on open audit and risk items to ensure closure.
• Manage the business continuity plan (BCP) for IT. Ensure continuous and regular validation and testing of documented/ approved BCP.
• Conduct continuous risk assessments for new and existing solutions.
• Aggregate information to identify operational control weaknesses and build a risk management dashboard that is refreshed and published periodically.
• Perform gap assessments using the COBIT process assessment model and follow up to ensure timely remediation of gaps and implementation of new IT processes.
• Review policies and develop processes and procedures that provide an acceptable level of assurance.
• Perform other tasks and duties as assigned by the Manager, IT Risk & Control.

Experience & Qualifications Required

• Bachelor's Degree in Computer Science, Computer Engineering, Information Technology, or related disciplines.
• 5-6 years’ relevant work experience in Information Security, Risk Advisory, and IT Compliance.
• Professional certifications such as CISA, CRISC, ISO27001, ISO27005: Lead Risk Manager will be an asset.
• Demonstrable application of knowledge of defence in-depth, least privileges, need-to-know, separation of duties, access controls and encryption.
• Proven knowledge of risk management, information security, mobile core technologies and controls.

Organizational Competencies:

• Be Bold
• Customer Focus
• Innovation
• Integrity

Functional Competencies:

• IT Audit
• Vulnerability Management
• Business Continuity
• Risk Management
• ITIL
• ISO27001
• Problem Solving

Behavioural Competencies:

• Collaboration & Teamwork

go to method of application »

Job Description

• We are currently recruiting for a Specialist, IT Compliance & Reporting who will implement and maintain IT processes designed to counteract interruptions to business activities and protect critical business information assets against effects of major information system failures or disasters.

Key Roles & Responsibilities

• Maintain the company’s IT Compliance Program. Provide inputs to program design and propose revisions where applicable.
• Work with relevant stakeholders to develop an effective IT Compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees.
• Provide advice on emerging compliance issues and consult with relevant functional areas/ teams to ensure risks are mitigated.
• Collaborate with key internal stakeholder functions, such as Risk Management and Internal Audit, to direct compliance issues to appropriate existing channels for investigation and resolution.
• Respond to alleged violations of rules, regulations, policies, procedures and standards of conduct by evaluating or recommending initiation of investigative and corrective procedures.
• Perform compliance monitoring on successful patching of all servers.
• Perform compliance monitoring and reporting on successful back-up operations.
• Perform compliance monitoring and reporting on: outdated operating system on servers; Active Directory replication errors; unresponsive OMS agents; servers and databases approaching end of life; database simple recovery model; and non-activated Windows OS.
• Monitor and develop action points to ensure IT compliance with key regulations such as the Nigerian Cyber-Security Act, NCC Cyber-Security Guidelines, and NITDA Security Guidelines.
• Identify potential areas of compliance vulnerability and risk. Develop/ recommend corrective action plans for resolution of problematic issues and provide general guidance on how to avoid or deal with similar situations in future.
• Build IT Compliance Dashboard and provide reports (as requested or directed) to keep relevant IT Committees informed of the operation and progress of compliance efforts.
• Monitor and track open audit findings from internal and external audits, 3rd parties, and ISO90001.
• Monitor and coordinate IT compliance activities. Keep abreast of status, identify trends, and take appropriate steps to improve overall effectiveness.
• Perform other tasks and duties as assigned by the Manager, IT Risk & Control.

Experience & Qualifications Required

• Bachelor's Degree in Computer Science, Computer Engineering, Information Technology, or related disciplines.
• 5-6 years’ relevant work experience in Information Security, Risk Advisory, and IT Compliance.
• Professional certifications such as CISA, CRISC, ISO27001, ISO27005: Lead Risk Manager will be an asset.
• Demonstrable application of knowledge of defence in-depth, least privileges, need-to-know, separation of duties, access controls and encryption.
• Proven knowledge of risk management, information security, mobile core technologies and controls.

Functional Competencies

• IT Audit
• Vulnerability Management
• Business Continuity
• Risk Management
• ITIL
• ISO27001
• Problem Solving

Behavioural Competencies:

• Collaboration & Teamwork

Organizational Competencies:

• Be Bold
• Customer Focus
• Innovation
• Integrity