Hugo is a Future-of-Work company. We build and manage remote teams in black communities for some of the world’s largest technology and media companies. We specialize in end-to-end machine learning data annotation and omnichannel support solutions that ultimately yield more inclusive outcomes for both black communities globally and our clients.
We are recruiting to fill the position below:
Job Title: Head, IT Risk and Compliance
Location: Lagos
What you’ll be doing
Over the last two years, Hugo has experienced tremendous growth.
We’ve grown to a community of 1,500+ FTEs, expanded into new countries, and evolved our client base from just unregulated start-ups to publicly listed tech behemoths.
To maintain this trajectory, we need to “level up” our IT infrastructure and operations, and we are looking for an experienced IT enthusiast to help build our risk and compliance capability, as we prepare for the next stage of growth.
Reporting directly to the Global Head of IT, this position leads, advises on, maintains, and reports on Hugo’s IT controls implementation, risk management, and compliance efforts.
The position works closely with the Executive Leadership Team and business leaders, while leading IT gap assessment programs and risk workshops/forums.
As part of Hugo’s overarching risk management and governance framework, this role serves as a second line of defense that provides independent oversight and guidance on managing IT risks.
Key Responsibilities
Leadership & Development:
Work with the Global Head of IT and business leaders to foster a culture of compliance across Hugo.
Provide guidance and training to employees/relevant stakeholders on compliance policies, procedures, and risk-related matters.
Advise process owners on the design and implementation of IT controls (manual and automated) into processes and systems that support the achievement of business objectives.
Lead risk assessments for all enterprise technology systems and processes, particularly those handling sensitive customer data (e.g., personally identifiable information).
Stakeholder Communication & Reporting:
Manage the quarterly ISMS management review and reporting on the organization's technology risk register.
Monitor and report on the organization's technology (IT and information security) compliance obligations, including those related to legislation, licensing, and internal policies to the Global Head of IT and Chief Trust Officer (CTO).
Provide regular reports on operational IT risks and security posture to the Global Head of IT.
Where applicable, liaise with clients, auditors, and/or regulators to demonstrate conformance with applicable requirements, addressing inquiries and requests for information.
Policy Development & Enforcement:
Develop, implement, and maintain IT risk and compliance policies and procedures that align with industry best practices and regulatory requirements.
Assist IT process owners in the creation and maintenance of policies, processes and procedures.
Ensure proper documentation, permission control, and communication of policies across the organization.
Monitor adherence to established policies, conducting internal reviews and audits to ensure compliance.
Work with legal, people, service delivery, and strategic operations teams to embed IT risk and compliance requirements into organizational policies and procedures.
Compliance Management:
Develop and implement an IT compliance management and monitoring framework, overseeing the organization’s compliance efforts based on industry standards (e.g., ISO27001, PCI-DSS, SOC 2, HITRUST).
Monitor and report on the organization’s legal and regulatory compliance obligations, including those related to legislation (e.g., GDPR, NDPR, Cybercrime Act, NCC).
Lead initiatives to secure sensitive customer data (e.g., cardholder data, personally identifiable information) according to applicable regulations.
Maintain up-to-date knowledge of relevant regulations and best practices in IT risk and compliance, ensuring that the organization’s practices remain fit-for-purpose.
IT Risk and Governance:
Define a strategic roadmap and plan to deliver on IT Risk and Compliance objectives.
Develop and implement an IT risk management framework to identify, assess, manage, and mitigate risks related to IT systems and data security.
Perform general Risk Control Self-Assessment for the IT department covering people, process, technology, and suppliers, assigning risk severity scores and tracking mitigation plans.
Provide advice and undertake regular reviews with risk owners to ensure the effectiveness (and documentation) of internal controls.
Collaborate with IT and security operations teams to design and implement appropriate controls to protect against confidentiality, integrity, and availability incidents.
What you’ll need to apply
10 years’ experience in a Risk and Compliance role, with at least 3 years interacting with business leaders and the executive leadership team.
Hands-on individual contributor with strong communication (written and verbal) skills and the ability to work in a business partnering capacity whilst maintaining essential independence.
Demonstrated track record of influencing stakeholders from different backgrounds and functions to drive risk-aware business outcomes.
Demonstrated experience preparing and presenting risk reports to an executive and/or business leaders.
IT GRC background with expert level knowledge of industry practices, IT processes, compliance frameworks and standards (e.g., COBIT, NIST, PCI-DSS, ITIL, ISO 27001 etc.)
CISA, CRISC, CGEIT, or other relevant industry security-focused certifications preferred.
An ability to lead strategically, with a commercial focus.
What success looks like:
Risk Management Effectiveness: Reduction in IT risk exposure and security incidents.
Compliance Adherence: Successful completion of audits with minimal findings.
Client Satisfaction: Positive feedback from clients on the organization’s security and compliance posture.
Policy Enforcement: High adherence to internal risk and compliance policies across the organization.
Application Closing Date
Not Specified.
Method of Application
Interested and qualified candidates should send their Resume and a brief Cover Letter outlining their experience and interest in this role to: [email protected] using the job title as the subject of the mail.