DU&T Consulting
  • November 7, 2017
  • admin
Job Title: Manager Audit Risk & Compliance
Job Description  

• Responsible For The Definition Of MTN Nigeria Information Security Policy, Embedding Security Policy Into Operation And Leading Security Risk Assessment Efforts And Associated Controls & Reporting In Line With The Group Policies.
• Drive Effective Coordination And Closure Of All IS Compliance Activities, Including Control Tracking And Actual Submissions For Closure.
• Support The Shareholder Return Strategy By Developing And Implementing Information Systems Processes That Are Aligned To Achieving All Elements On The Business Score Card. (I.E. Grow Market Share, Grow ICT & Data Revenue, Increase EBITDA Margins, Assure Revenue, CAPEX Returns Management And Net Subscriber Additions).
• Monitor The Information Systems Control Design And Implementation Process To Ensure That It Is Implemented Effectively And Within Time, Budget And Scope
• Maintain Effective Working Relationships With Internal And External Suppliers.
• Serve As Liaison To Auditors, Consultants, And The Bank Compliance Committee Regarding Documentation And Review Of Information Compliance
• Provide Progress Reports On The Implementation Of Information Systems Controls To Inform Stakeholders And To Ensure That Deviations Are Promptly Addressed.
• Develop A Risk Awareness Program And Conduct Training To Ensure That Stakeholders Understand Risk And Contribute To The Risk Management Process And To Promote A Risk-Aware Culture.
• Provide Information Systems Control Status Reporting To Relevant Stakeholders To Enable Informed Decision Making.
• Identify, Assess And Evaluate Risk To Enable The Execution Of The Enterprise Risk Management Strategy
• Collect Information And Review Documentation To Ensure That Risk Scenarios Are Identified And Evaluated.
• Identify Legal, Regulatory And Contractual Requirements And Organizational Policies And Standards Related To Information Systems To Determine Their Potential Impact On The Business Objectives.
• Identify Potential Threats And Vulnerabilities For Business Processes, Associated Data And Supporting Capabilities To Assist In The Evaluation Of Enterprise Risk.
• Create And Maintain A Risk Register To Ensure That All Identified Risk Factors Are Accounted For.
• Assemble Risk Scenarios To Estimate The Likelihood And Impact Of Significant Events To The Organization.
• Analyze Risk Scenarios To Determine Their Impact On Business Objectives.
• Develop An Information Security Strategy Aligned With Business Goals And Objectives And Ensure Alignment Of The Information Security Strategy With Corporate Governance
• Correlate Identified Risk Scenarios To Relevant Business Processes To Assist In Identifying Risk Ownership.
• Validate Risk Appetite And Tolerance With Senior Leadership And Key Stakeholders To Ensure Alignment
• Interview Process Owners And Review Process Design Documentation To Gain An Understanding Of The Business Process Objectives.
• Analyze And Document Business Process Objectives And Design To Identify Required Information Systems Controls.
• Facilitate The Identification Of Resources (E.G. People, Infrastructure, Information, Architecture) Required To Implement And Operate Information Systems Controls At An Optimal Level.
• Ensure All Controls Are Assigned Control Owners To Establish Accountability And Establish Control Criteria To Enable Control Life Cycle Management
• Establish Internal And External Reporting And Communication Channels That Support Information Security
• Design And Implement Information Systems Controls In Alignment With The Organization’s Risk Appetite And Tolerance Levels To Support Business Objectives.
• Facilitate The Identification Of Metrics And Key Performance Indicators (KPIs) To Enable The Measurement Of Information Systems Control Performance In Meeting Business Objectives.
• Develop And Implement Risk Responses To Ensure That Risk Factors And Events Are Addressed In A Cost-Effective Manner And In Line With Business Objectives.
• Identify And Evaluate Risk Response Options And Provide Management With Information To Enable Risk Response Decisions.
• Review Risk Responses With The Relevant Stakeholders For Validation Of Efficiency, Effectiveness And Economy
• Monitor And Maintain Information Systems Controls To Ensure They Function Effectively And Efficiently.
• Plan, Supervise And Conduct Testing To Confirm Continuous Efficiency And Effectiveness Of Information Systems
• Ensure That All IT Policies And Procedures Are Compliant With Regulatory Requirements
• Assess And Recommend Tools And Techniques To Automate Information Systems Control Verification Processes.
• Evaluate The Current State Of Information Systems Processes Using A Maturity Model To Identify The Gaps Between Current And Targeted Process Maturity.
• Determine The Approach To Correct Information Systems Control Deficiencies And Maturity Gaps To Ensure That Deficiencies Are Appropriately Considered And Remediated
• Test Information Systems Controls To Verify Effectiveness And Efficiency Prior To Implementation And Implement Information Systems Controls To Mitigate Risk
• Facilitate Independent Risk Assessments And Risk Management Process Reviews To Ensure They Are Performed Efficiently And Effectively.
• Identify And Report On Risk, Including Compliance, To Initiate Corrective Action And Meet Business And Regulatory Requirements
• Serve The Division’s Internal Customers And Provide Solutions To Improve The Customer Experience.
• Drive Planned Strategy For The Successful Delivery Of MTN Group And MTNN Transformation Initiatives Focusing On Customer Centricity, Including Perfect 10 Project.
• Drive An Increase In MTNN’s Net Promoter Score.
• Participate In IT Projects And Initiatives To Bring Pro-Active Risk Management Focus Into Solutions.
• Design Information Systems Controls In Consultation With Process Owners To Ensure Alignment With Business Needs And Objectives.
• Communicate Audit And Review Results To Appropriate Parties And Ensure That Issues Are Addressed And Corrective Actions Are Implemented
• Continuously Seek Self-Professional Development To Sharpen Skills And Capabilities In A Versatile And Evolving Digital Landscape.
• Coach And Train The Team To Ensure Understanding Of The Objectives And Goals Of The Department, Awareness Of Set Targets/Requirements And Regularly Review Their Training Needs.
• Provide Documentation And Training To Ensure Information Systems Controls Are Effectively Performed

Job Condition

• General Working Conditions
• May Be Required To Work Extra Hours

Experience & Training  

Experience:
Minimum 6 Years’ Experience Which Includes:
• Minimum Of 3 Years’ Experience In An Area Of Specialisation; With Experience In Supervising/Managing Others
• Experience Working In A Medium To Large Organization
• Interpretation And Application Of Governance, Risk And Compliance Frameworks
• Advanced Knowledge Of Risk Assessment Design And Delivery
• In-Depth Understanding Of PCI, ISO 31000, ISO 27001:2013
Training:
• Emerging Enterprise Architectures
• ISO
• CISSP
• CISM

Minimum Qualification: BEng, BTech, BA, BEd Or HND
