The Dangote Group is one of the most diversified business conglomerates in Africa with a hard-earned reputation for excellent business practices and products' quality with its operational headquarters in the bustling metropolis of Lagos, Nigeria in West Africa. The Group's activities encompass: Cement - Manufacturing / Importing Sugar - Manufacturing & Refining Salt - Refining Flour & Semolina - Milling Pasta - Manufacturing Noodles - Manufacturing Poly Products - Manufacturing Logistics - Port Management and Haulage Real Estate Dangote Foundation Since inception, the Group has experienced phenomenal growth on account of quality of its goods and services, its focus on cost leadership and efficiency of its human capital. Today, Dangote Group is a multi-billion Naira company poised to reach new heights, in every endeavour competing with itself to better the past. The Group's core business focus is to provide local, value added products and services that meet the 'basic needs' of the populace. Through the construction and operation of large scale manufacturing facilities in Nigeria and across Africa, the Group is focused on building local manufacturing capacity to generate employment and provide goods for the people.
Job Summary:
The IT Risk Manager will be responsible for identifying, assessing, and prioritizing IT risks within the Dangote Group. They will develop and implement risk management strategies and processes to mitigate IT risks and ensure the protection and security of the organization's IT assets and data.
Key Duties and Responsibilities:
As a member of our team, your primary responsibilities will be to:
- Conduct objective, fact-based risk assessments on new and existing systems and share findings with all stakeholders within the information system.
- Managing IT Risk environment including related policies, standards, and processes.
- Manage the risk portfolio to include linking risk to controls, coordinating control owners to conduct RSCAs, and appropriately documenting control statements.
- Understand and provide advice on managing cybersecurity risks; collaborate with other IT professionals as needed to address new emerging threats.
- Manage the self-identified issue process; acceptance of issues; tracking SIIs and audit issues to closure.
- Develop and implement a cyber security defense strategy, including business continuity and disaster recovery procedures.
- Identify threats and conduct risk assessments to address cyber security risks.
- Work with the team to improve the security posture of the business and reduce its risk profile.
- Conduct on-site security assessments to measure the effectiveness of the third party's current control environment.
- Knowledge and experience in information security standards. (ISO 27001, NIST, CIS, OWASP Top 10, Security Essentials).
- Maintain close working relationship with appropriate teams across and outside of IT.
- Work closely with all areas to ensure clear risk visibility with all IT staff.
- Provide Continuous Control Monitoring through Key Risk Indicators, providing challenges to KRIs.
- Establish and monitor key risk indicators and also implement corrective action plans to mitigate risks.
- Work closely with Group Risk Management, ensuring that IT risks are reported as required to the Group Risk Board Committee and aligned with risk appetite and risk tolerance levels.
- Maintain an awareness of potential Emerging Risks and ensure these are recorded, visible, and considered in all new technology initiatives and financial planning activities.
- Provide oversight of all risk events ensuring they are recorded, investigated, closed -off, or escalated as necessary.
- Promote a culture of risk Awareness within the IT department.
Requirements
Education and Experience:
- Bachelor's degree in Economics, Accounting, or a related discipline.
- Must have a strong technical background with at least 15 years of experience in risk management, demonstrating proven skills in IT risk and/or IT governance.
- Possession of certifications such as CRISC, CISA, CISM, CISSP, or other relevant qualifications will be beneficial.
- This position requires knowledge and expertise in Information Security GRC, including familiarity with IS027001, NIST, OWASP, and PSI-DSS.
- Desirable to have knowledge of risk management and cyber security controls, as well as experience with related tools.
- Strong policy writing experience is required.
- Must be able to effectively communicate with senior stakeholders regarding information risk.
- Ability to build relationships with stakeholders at all levels is essential.
- Capable of presenting complex information to various audiences.
- Must be able to thrive in a fast-paced environment.
- Knowledge and understanding of Privileged Access Management, Patch Management, SOC Visibility, and Business Continuity is preferred.
- Familiarity with Control/Vulnerability Assessment and Penetration Testing methodologies.
- Experience in utilizing and customizing various information security and risk management tools, including but not limited to Nessus Tenable, Acunetix, Bulp Suite, Nipper Tool, and others, to detect and communicate IT risks.
- Ability to work in a cross-cultural and cross-functional environment.
- Prior experience working in the manufacturing sector is a plus.
Method of Application
Signup to view application details.
Signup Now