MTN Nigeria - The leader in telecommunications in Nigeria, and a part of a diverse community in Africa and the Middle East, our brand is instantly recognisable. It is through our compelling brand that we are able to attract the right talents who we carefully nurture by continuously improving our employment offerings even beyond reward and recognition.
We are recruiting to fill the vacant position below:
Job Title: Manager, Audit Risk & Compliance
Location: Lagos
Job Description
Responsible for the definition of MTN Nigeria information security policy, embedding security policy into operation and leading security risk assessment efforts and associated controls & reporting in line with the Group policies.
Drive effective coordination and closure of all IS compliance activities, including control tracking and actual submissions for closure.
Support the Shareholder return strategy by developing and implementing Information Systems Processes that are aligned to achieving all elements on the business score card.
Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope
Maintain effective working relationships with internal and external suppliers.
Serve as liaison to auditors, consultants, and the bank Compliance Committee regarding documentation and review of information compliance
Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.
Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
Provide information systems control status reporting to relevant stakeholders to enable informed decision making.
Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy
Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
Create and maintain a risk register to ensure that all identified risk factors are accounted for.
Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
Analyze risk scenarios to determine their impact on business objectives.
Develop an information security strategy aligned with business goals and objectives and ensure aligning of information security strategy to corporate governance
Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment
Interview process owners and review process design documentation to gain an understanding of the business process objectives.
Analyze and document business process objectives and design to identify required information systems controls.
Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
Ensure all controls are assigned control owners to establish accountability and establish control criteria to enable control life cycle management
Establish internal and external reporting and communication channels that support information security
Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.
Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
Identify and evaluate risk response options and provide management with information to enable risk response decisions.
Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy
Monitor and maintain information systems controls to ensure they function effectively and efficiently.
Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems
Ensure that all IT policies and procedures are compliant with regulatory requirements
Assess and recommend tools and techniques to automate information systems control verification processes.
Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.
Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated
Test information systems controls to verify effectiveness and efficiency prior to implementation and Implement information systems controls to mitigate risk
Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively. • Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements
Serve the Division’s internal customers and provide solutions to improve the customer experience.
Drive planned strategy for the successful delivery of MTN Group and MTNN transformation initiatives focusing on Customer centricity, including Perfect 10 Project.
Drive an increase in MTNN’s Net Promoter Score.
Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.
Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
Communicate audit and review results to appropriate parties and ensure that issues are addressed and corrective actions are implemented
Continuously seek self-professional development to sharpen skills and capabilities in a versatile and evolving digital landscape.
Coach and train the team to ensure understanding of the objectives and goals of the department, awareness of set targets/requirements and regularly review their training needs.
Provide documentation and training to ensure information systems controls are effectively performed.
Job Conditions:
General working conditions.
May be required to work extra hours.
Experience & Training
Experience:
Minimum 6 years’ experience which includes:
Minimum of 3 years’ experience in an area of specialisation; with experience in supervising/managing others
Experience working in a medium to large organization
Interpretation and application of governance, risk and compliance frameworks
Advanced knowledge of risk assessment design and delivery
In-depth understanding of PCI, ISO31000, ISO 27001:2013