Officer, IT Risk and Compliance

IHS Towers is the largest independent mobile telecommunications infrastructure provider in Europe, Africa and the Middle ; Founded in 2001, IHS provides services across the full tower value chain – colocation on owned towers, deployment and managed services.
Today IHS Towers has operations in Nigeria, Cameroon, Côte d’Ivoire, Zambia and Rwanda. Following the recent acquisitions of MTN and Etisalat’s tower portfolios in Nigeria, IHS owns over 23,300 towers in Africa.
We are recruiting to fill the position below:
Job Title: Officer, IT Risk and Compliance
Location: Lagos
Reports To: Senior Manager,  IT Security
Summary 

• This job role supports and helps define and maintain a process to counteract interruptions to business activities, as well as protect critical business information assets from the effects of major information system failures or disasters, thereby ensuring their timely resumption

Responsibilities

• Responsible for end-to-end information security (from front-line to back-end/data center), and operational risk oversight functions to ensure an acceptable risk profile as well as strict adherence to information risk standards and procedures.
• Liaise with Internal Audit, Assurance,  and other relevant functions of the enterprise as part of the overall enterprise-wide risk management.
• Provide relevant and timely information on key risk indicators (KRIs) for effective risk oversight.
• Develop and maintain the Information Risk Management (IRM) framework by proactively developing, refreshing, and implementing an annual IRM program.
• Provide inputs to the formulation of the overall technology strategy, implement the strategic risk management vision for the dependent units, and ensure delivery through the application of exceptional leadership skills, strong network of internal and external alliances, and highly developed business skills.
• Establish credible risk governance, an integrated risk management mindset, and an execution approach that appropriately prioritizes actions based on business impact.
• Implement appropriate systems and processes that ensure that information risks are proactively managed and undesired events detected and remedied on time when they occur.
• Provide inputs to the development of risk policies, plans and procedures that provide an acceptable level assurance.
• Build awareness of new and evolving risks across the in-scope functions and across the entire organization.
• Help identify KRIs for the in-scope functions based on up-to-date situational analyses and trends.
• Support implementation of the Business Continuity Plan (BCP) for the IT function, ensuring continuous and regular validation and testing of documented / approved BCPs.
• Conduct continuous risk assessments & business impact analyses for new and existing solutions.
• Aggregate information to identify operational control weaknesses and build a risk management dashboard that is refreshed and published periodically.

Education and Experience

• A minimum of 4 years relevant experience in Information Security, Risk Advisory,  and IT Compliance.
• Demonstrable expertise in Vulnerability Lifecycle Management, Security Incidence Response, Business Continuity, Risk Management, ISO 27001, ITIL, and Mobile Core Technologies.
• Experience with Microsoft products.
• Knowledge of security best practices such as; defence in-depth, least privileges, need-to-know, separation of duties, access controls, encryption.
• Knowledge and experience in implementing globally accepted information system risk, control and BCM standards highly desired.
• Thorough understanding of the latest security principles, techniques, and protocols.
• An ideal candidate will demonstrate a broad based operational perspective with enough depth to proffer solutions to all forms of business risk.
• Problem solving skills and ability to work under pressure.
• , B. Tech or related degree in Computer Science or related field

How to Apply
Interested and qualified candidates should send their CV's and Cover letter indicating in the subject the name and location of the role.