Head, IT Security Operations & Information Risk Management at 9mobile Nigeria

9mobile is a Nigerian private limited liability company. EMTS acquired a Unified Access Service License from the Nigerian Communications Commission in 2007. The License enables EMTS provide Fixed Telephony (wired or wireless), Digital Mobile Services, International Gateway Services and National/Regional Long Distance Services in addition to spectrum assignments in the 900 and 1800 MHz bands.

We are recruiting to fill the position below:

Job Title: Head, IT Security Operations & Information Risk Management

Location: Lagos
Employment Type: Full-time

Job Summary

• Responsible for the on-time, cost-effective and right-quality delivery of business value through programs.  Structure and manage the portfolio of change ensuring that it is balanced, healthy, value-focused and consistently steered to deliver the intended business impact.
• Manage delivery teams by maintaining oversight of the overall program execution, enforcing adherence to standards, acceptable risk judgement and a business value-driven approach to the deployment of resources across the portfolio. 
• Collaborate with all relevant stakeholders within the delivery domain to ensure that desired business benefits are well articulated and that the portfolio deliverables are unambiguously mapped to such benefits. 
• Ensure business impact of projects is measurable, well-managed, monitored and constantly refined to ensure that investments are optimally targeted and strategic intentions achieved. 
• Promote a culture of execution excellence, risk-consciousness and a relentless focus on ROI/business value.
• Responsible for defining and maintaining the IT Risk Framework and its associated controls; evaluate overall information technology risk, maintain an active view on compliance, and report on the actual, mitigated and residual risk in the IT organization.  Liaise with all regulatory/ relevant government agencies, internal and external audit/assurance providers and other parts of the business in matters related to enterprise risk.

Principal Functions
Strategic/Tactical:

• Collaborate with IT strategy team and other demand management roles to ensure that program objectives, deliverables and timing are focused on business objectives based on impact & priority;
• Enhance the overall economic value of the portfolio in order to get the optimal return on investment.
• Collaborate with required EMTS project sponsors/executives and teams for assessment of value delivered vis-a-vis project objectives.  Implement framework for quantifying benefits for each initiative in line with business case and measurement of time to value. Ensure clear communication of expected business value and the timing of project objectives by project sponsor and clearly understood by project delivery organization.
• Support executive decision making on programs and projects based on company-specific criteria. These criteria may include how does the initiative fit in the defined enterprise architecture, how do risks and interdependencies come into play, how does the organization deal with compliance initiatives, etc.
• Develop and maintain the IT Risk Management framework by proactively developing and implementing an annual ITRM program and conduct periodic reviews to keep it current and relevant.
• Provide inputs to overall IT strategy formulation, lead the strategic risk management vision for the unit and ensure strategy delivery through the application of exceptional leadership skills, network of internal and external alliances and highly developed business skills.
• Responsible for ensuring that overall IT risk profile is maintained within acceptable levels in line with the risk appetite defined by the Board.

Operational:

Portfolio Prioritization, Selection& Delivery:

• Manage IT program pipeline by working with IT Management in selecting, prioritizing and orchestrating programs to deliver benefits that ultimately contribute to business success
• Convert approved programs to detailed project deliverables and requirements, align same with program delivery organization objectives and prioritize based on business value, exigencies and risk
• Ensure that project delivery organizations are fit-for-purpose in terms of structure, ability to deliver to EMTS' expectation, taking into account capacity, capabilities, and various dimensions of risk
• Influence & negotiate the allocation of resources from EMTS stakeholders to deliver program objectives and contribute to overall business success. Consistently ensure that the environment incentivize the project delivery teams to deliver value in a timely manner

Portfolio Governance:

• Plan and coordinate all IT Program Board meetings for effective tracking and review of project progress against agreed plans
• Prepare and publish periodic program portfolio health dashboard / project reports to relevant stakeholders and provide insights into potential issues & risks with appropriate recommendations
• Deploy exception management processes for failing or high risk projects
• Work with IT Program board to resolve conflicting priorities and ensure that business value is foremost by focusing decisions and actions on the things that matter most to the organization
• Ensure follow-through and closure of agreed actions and decisions taken by the IT Program Board
• Ensure all projects comply with required documentation and other standards, policies and procedures

Stakeholder & Communication Management:

• Manage commitments across stakeholders and ensure clear understanding of requirements and consistent communication across all parties
• Influence both EMTS and vendor stakeholders and create positive relationships through the appropriate channels to manage expectations and agreed objectives. Engender and sustain cross-functional alignment
• Responsible for timely escalation of potential risks and issues and renegotiation of commitments between project sponsors and delivery teams

Management of Portfolio Risks:

• Evaluate portfolio performance and interdependencies periodically in a bid to determine and quantify the probability and impact of risks within projects and across the overall portfolio
• Advise Management/ stakeholders on matters of risk & issues that are projects related and recommend actions to mitigate such
• Manage Program Quality by collaborating with IT Risk Management & other QA teams in defining and documenting standards, processes and procedures to guide and assure the quality delivery of projects and programs

Maintain Portfolio Knowledge Base:

• Ensure that the knowledge base for all project implementations, including lessons learnt, are maintained and properly indexed/catalogued for audit and reference purposes
• Provide adequate feedback mechanisms on process improvement initiatives to ORM, which is an outcome of project oversight responsibility.
• Accountable for IT risk management activities/issues affecting the organization and for implementing IT Risk policies, plans and procedures, and team organization to provide reasonable assurance that:
• IT Risk is well-understood &managed, and the team is well equipped to mitigate.
• Undesired events are detected, prevented and corrected, and
• IT risks are managed appropriately.
• Lead the identification of key risk indicators (KRIs) across all information assets and functions in the department based on current situation and trends to provide relevant & timely information for effective mitigation.
• Coordinate the activities of the IT Risk Council; implement the Governance, Risk & Control (GRC) program for the department.
• Conduct periodic business impact and risk assessment re business continuity for critical business processes and propose recommendations for addressing gaps.
• Drive and deliver effective business continuity strategies to support and, in time of disaster, recover the company's critical business functions.
• Direct the continuous and regular validation and testing of documented business continuity plans.
• Aggregate information to identify operational control weaknesses and build a risk management dashboard that is refreshed and published periodically.
• Collaborate with assurance providers to provide an opinion on the control environment; Ensure all identified operational risks are resolved timely.
• Undertake periodic appraisals, recruit, train and develop team members in conjunction with the HR team to meet the changing needs of the company.
• Carry out other activities as instructed by the Chief Information Officer (CIO).

Educational Requirements

• Bachelor's Degree from an accredited college / university preferred.  Possession of an Advanced Degree, preferably an MBA, will be an advantage.
• Postgraduate and/or professional qualification in fields related to risk management will be an added advantage.

Experience, Skills & Competencies:

• 9 to 12 years of combined work experience in IT/Engineering/IT risk advisory experience or other high-risk aware industries (e.g. financial services) in leading and high-impact role(s) with progressive levels of responsibilities and up to 8 years in Portfolio Management or related activities (i.e. project / program management).
• At least 3 years experience in a managerial role.
• Proficiency in the use of Microsoft Excel, PowerPoint and MS Project and/or equivalent tools.
• Experience with program/ multi-project management; governance and decision-making; business case development; budget and resource management; initiative portfolio management
• Experience in working through complex issues and providing alternative solutions.
• Ability to lead, influence and gain the confidence and respect of senior executives, functional leadership, BRMs, business sponsors, and team members.
• Sound knowledge of internal business processes, outsourcing, program management and the mobile telecommunications industry; possesses a broad-based operational perspective and provides solutions for all forms of business risk.
• Recognized program management authority with good risk management awareness who can negotiate trade-offs and is dynamic, proactive and decisive. Adapts well to and initiates change in the organization.
• Highly developed business communications skill (verbal and written), team player, change agent, strategic and creative, excellent project management skills and the ability to drive performance, risk consciousness and compliance from all areas within the company.
• Deep knowledge of cyber threats landscape & related defenses, general information security and controls is required.
• Knowledge of/familiarity with deploying global/leading IT risk management standards, control and BCM processes will be advantageous.
• Demonstrate abroad-based operational perspective and provides solutions for all forms of business risk.
• Recognized risk/control authority who can articulate risk/reward trade-offs clearly and is dynamic, proactive, and decisive.
• Ability to cope and deliver at satisfactorily high levels when under pressure.
• Exceptional analytical, quick-learning and critical thinking skills.

Application Closing Date
Not Specified.