Head Information Risk Management

Job Summary:

Manage the entire information risk universe covering IP/IT security across all IT and mobile network nodes, value-added services (VAS), and other technical services. Responsible for end-to-end information security (from front-line to backend/data centre), IT business continuity and operational risk oversight functions, ensuring an acceptable risk profile and strict adherence to information risk standards and procedures. Liaise with internal audit, assurance/attest functions and other parts of the enterprise as part of the overall enterprise-wide risk management. Provide relevant and timely information on key risk indicators (KRI) for effective risk oversight. Entrench a risk-conscious culture across the in-scope functions and throughout the organization. A major objective of this role is to achieve and maintain an acceptable risk profile for the overall operating environment.

ROLES AND RESPONSIBILITIES:
Strategic

Develop and maintain the Information Risk Management (IRM) framework by proactively developing, refreshing and implementing an annual IRM program;
Provide inputs to the formulation of the overall technology strategy, lead the strategic risk management vision for the dependent units and ensure delivery through the application of exceptional leadership skills, strong network of internal and external alliances and highly developed business skills;
Establish credible risk governance, an integrated risk management mindset and an execution approach that appropriately prioritizes actions based on business impact;
Responsible for ensuring that the overall risk profile of the in-scope functions is maintained within acceptable levels.

Operational

Accountable for ensuring that the relevant teams within in-scope functions are well-structured and equipped to address risk and that information risk management gets the right level of focus;
Implement appropriate systems and processes that ensure that:

Information risks are proactively managed;
Undesired events are detected early and remediated in a timely manner;

Lead the development of risk policies, plans and procedures, and organizational structures that provide an acceptable level of assurance;
Build awareness of new and evolving risks across the in-scope functions and across the entire organisation;
Lead the identification of key risk indicators (KRIs) for the in-scope functions based on up-to-date situational analysis and trends;
Coordinate the activities of the IT Risk Council; Design, implement and own the Governance, Risk & Control (GRC) program for the in-scope functions;
Responsible for managing the business continuity plans (BCP) for the IT function.  Ensure continuous and regular validation and testing of documented / approved BCP;
Conduct continuous risk assessments & business impact analysis for new and existing solutions;
Aggregate information to identify operational control weaknesses and build a risk management dashboard that is refreshed and published periodically;
Deploy behavioral change management techniques to maintain risk awareness capabilities across groups within and outside the functions in scope;
Collaborate with assurance providers to provide an accurate opinion on the operating environment;
Carry out other activities as instructed by the Chief Product & Information Officer.

Desired Skills and Experience

EDUCATION AND EXPERIENCE:

First degree or equivalent in Computer Science/IT, or a related or relevant discipline;
Postgraduate and/or professional qualification in related fields will be an added advantage;
Deep knowledge of risk management, information security, mobile core technologies and controls is required. Previous experience as a technical architect OR in mobile core engineering will also be a strong advantage;
Demonstrable knowledge (and optionally certifications) in installed platforms, VAS, protocols and technologies is a strong requirement;
Knowledge of and experience in implementing globally accepted information system risk, control and BCM standards is highly desired;
Nine (9) to twelve (12) years of combined Telecom/IT/IT risk advisory experience in leading and high-impact role(s) with progressive levels of responsibility, six (6) years in mid to senior solution architecting;
An ideal candidate will have solid experience spanning advisory, OEM (mobile network or ICT) and vertical industry / operational roles;
Sound knowledge of internal business processes, outsourcing model, program management and the mobile telecommunications industry;
An ideal candidate will demonstrate a broad-based operational perspective with enough depth to proffer solutions to all forms of business risk;
Recognized risk/control authority that can articulate risk/reward trade-offs clearly and is dynamic, proactive and decisive;
Ability to adapt well, initiate change in the organization, and deliver at satisfactorily high levels under intense pressure;
Continuously seeks ways to mitigate risks in the organization as a competitive business advantage;
Highly developed business communication skills (verbal and written), team player, change agent, strategic and creative, excellent project management skills and the ability to drive performance, risk consciousness and compliance from all areas within the company;
Exceptional analytical, quick-learning and critical thinking skills;
Strong influencing and change management skills. 
MUST HAVE COMPLETED THE NYSC PROGRAM
