MTN Nigeria – The leader in telecommunications in Nigeria, and a part of a diverse community in Africa and the Middle East, our brand is instantly recognisable. It is through our compelling brand that we are able to attract the right talents who we carefully nurture by continuously improving our employment offerings even beyond reward and recognition.
We are recruiting to fill the position below:
Job Title: Analyst – Enterprise Risk Management, Risk and Compliance
Job Identification:1301
Location: Ikoyi, Lagos
Job Schedule: Full time
Job Category: MTN Level 2
Reports To: Manager Enterprise Risk Management
Division: Risk & Compliance
Description
- Performing information security gap analysis and remediation, Quality Assurance reviews of IT Controls, Developing IT and Information Security policies.
- Perform pre and post-implementation reviews of system implementations or enhancements.
- Conduct Vulnerability Assessment, penetration testing, and Security review of internal applications and their supporting infrastructure.
- Perform critical analysis and evaluation of risks for relevance and ease of exploitability.
- Coordinate and facilitate the development and implementation of IT risk management policies, guidelines, methodologies and initiatives for proactive risk management
- Conduct business reviews to identify single points of failure within MTN’s IT infrastructure and develop action plans for addressing them.
- Recommend, manage, and implement required changes to IT risk and security policies and procedures
- Support the integration of IT risk management practices into Information Technology functions and other business areas
- Work directly with departmental heads to facilitate information security risk assessment and risk management processes and to identify acceptable levels of residual risk
- Assess threats and vulnerabilities regarding information assets and projects and recommend the appropriate controls
- Ensure plans, policies and procedures of IT processes are aligned with acceptable standards
- Support IT teams in developing risk management initiatives across MTNN and monitor Key Risk Indicators (KRIs)
- Communicate with multiple departments to resolve technical and procedural information technology risks
- Serve as the focal point for IT control incidents, ensuring dissemination and embedding of learnings points from the incidents.
- Coordinate the update of IT risk event database with event/ near misses and agreed action plans
- Monitor the resolution of issues identified to ensure risks are resolved in accordance with risk management standards
- Prepare and circulate updates on industry-related events, regulatory directives and lessons arising from risk events/near misses to management
- Stay abreast of trends in agile IT risk governance, policies and procedures and other external changes that may impact the Company
- Serve as Subject Matter Expert (SME) for performing vendor risk assessment to improve the overall vendor risk posture
- Responsible for reviewing and monitoring information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy and security.
- Support ISO 27001 re-certification reviews and validation activities.
- Maintain all MTNN ethical standards and ensure Risk Management activities are carried out in compliance with ISO 31000/COSO standards as well as MTNN’s risk management methodologies.
- Identify and analyze the areas of potential risk threatening MTNN’s assets, earning capacity, and conduct risk scoring and impact assessment within MTNN.
- Perform in-depth evaluations on key risks within the organization and assist the business in developing risk prevention strategies.
- Evaluate risk exposures (opportunity, hazard, uncertainty etc.) that pose an internal or external threat (political, economic, financial, market, international) and make necessary recommendations.
- Support development of reports to the Board Risk & Compliance Committee on a quarterly basis; and ensure preparation of ERM reports to stakeholders when required.
- Liaise constantly with Senior Management and Executives on various technology risk matters especially tracking ownership and mitigation of risk items identified as well as train relevant stakeholders and staff on risk matters; champions on the use of Archer eGRC software, on an on-going basis regarding ERM projects.
Education
- First Degree in a Numerate discipline (IT or Computer Science preferred)
- CISA/CRISC certification or other IT-related certifications
- Fluent in English
Experience:
3 – 7 years’ experience which includes:
- History of risk management engagement (either as Risk personnel or in Risk Management Consulting)
- Experience in IT Audit or IT risk management
- IT governance proficiency
- Experience with exception reporting, assessment, documentation, implementation and/or design of internal controls.
- Information systems risk management, control standards, business continuity and information security
- Project management.
Deadline: 3rd June, 2022 at 23:59.
How to Apply
Interested and qualified candidates should:
Click here to apply online
Leave a Reply