IT Risk & Control Manager at Ikeja Electricity Distribution Company

Buoyed by a mission to redefine customer experience and be the provider of choice wherever energy is consumed, Ikeja Electricity Distribution Plc (Ikeja Electric), Nigeria's largest power distribution network powers lives and businesses with innovation and unwavering drive for excellence. The company began its new phase of growth and expansion on November 1st, 2013 following the handover of the defunct Power Holding Company Of Nigeria (PHCN) to NEDC/ KEPCO Consortium under the privatization scheme of the Federal Government of Nigeria. The consortium has the Korean Electric Power Corporation (KEPCO) which generates about 84,000MW in capacity and has a global efficiency record of a maximum down time period of slightly above three minutes annually as technical partners. This partnership has positioned IE to effectively drive its commitment to deliver efficient and sustainable power supply through investments in new technology, infrastructure upgrade and human capital development. Ikeja Electric has over 600,000 customers who the company is committed to serve with a New Spirit, New Drive and New Energy. This resolve continues to elicit a passion for service excellence and new thinking on how to empower lives and businesses across the IE network.

Role Purpose

• Will be responsible for ensuring the design and adoption of effective strategies for securing Ikeja Electric’s information assets, the supporting information, communication and electronic channel technologies, through the proactive assessment of risks, design and implementation of effective policies and standards and other risk mitigation and control initiatives.

Role Accountabilities

• Ensure that comprehensive risk assessments are performed for all the organizations' information assets, supporting technical infrastructure and associated service and support processes, electronic banking products and services and supporting platforms/technologies.
• Ensure that comprehensive and effective risk treatment plans are developed and maintained for the organizations' information assets, supporting technical infrastructure, and electronic payments applications, services and platforms.
• Provide risk management support for effective identification, assessment, treatment, monitoring recording and reporting of emerging risks in IT environment and technology related assets or projects in the organisation in line with modern IT risk management trends. S/he proactively tracks such risks and treatments and escalates significant updates for management attention.
• Ensure that a framework of policies, standards and procedures for information security and risk management are developed, implemented and maintained based on global best practices for information security management to protect the organizations' information assets
• Ensure the implementation of adequate and effective security controls and processes that will safeguard the availability, integrity and confidentiality of the organization's information assets and technology infrastructure.
• Ensure effective coordination/implementation support of all information security projects and initiatives including BCP/DRP relating to IT environment.
• Develop and implement awareness programmes and campaigns to promote information security consciousness and compliance across the organization.
• Coordinate the development, implementation and maintenance of an effective enterprise Business Continuity Plan.
• Develop and implement a process for achieving and maintaining compliance with the ISO 27001 international standard for Information Security Management
• Ensure that an effective process for managing information security incidents is defined and implemented.
• Collaborate with IT and Compliance teams leadership

Minimum Requirement

• A good First Degree or equivalent in science or social science field
• Relevant professional certifications in risk management
• Work experience in operational risk management in relevant sectors for a minimum period of 8 years

Skills & Competencies:

• Experience with NIST Cybersecurity Framework, COBIT, or similar frameworks.
• Proficiency in cybersecurity tools (e.g., SIEM, vulnerability scanners, firewalls).
• Familiarity with cloud security solutions if relevant.
• Working knowledge of IT governance tools like GRC platforms
• Oral and written communication skill.
• Analytical skill
• Project management skill
• Good understanding of the industry
• Persuasive skills
• Organizational skills

Method of Application