Dangote Group Job Vacancy – IT Risk Specialist

Job Title: IT Risk Specialist

Location: Lagos

Job Summary

• The IT Risk Specialist at Dangote Cement Plc will lead the identification, assessment, and mitigation of technology and cybersecurity risks across cement production plants and corporate operations.
• This role ensures that IT systems supporting manufacturing, logistics, and enterprise functions are secure, resilient, and aligned with the Group’s risk appetite and regulatory requirements.

Key Responsibilities

• Conduct objective, fact-based risk assessments on new and existing systems and share findings with all stakeholders within the information system.
• Managing the IT Risk environment, including related policies, standards, and processes.
• Manage the risk portfolio to include linking risk to controls, coordinating control owners to conduct RSCAs, and appropriately documenting control statements.
• Understand and provide advice on managing cybersecurity risks; collaborate with other IT professionals as needed to address new emerging threats.
• Manage the self-identified issue process; acceptance of issues; tracking SIIs and audit issues to closure.
• Develop and implement a cybersecurity defence strategy, including business continuity and disaster recovery procedures.
• Identify threats and conduct risk assessments to address cybersecurity risks.
• Work with the team to improve the security posture of the business and reduce its risk profile.
• Conduct on-site security assessments to measure the effectiveness of the third party’s current control environment.
• Knowledge and experience in information security standards. (ISO 27001, NIST, CIS, OWASP Top 10, Security Essentials)
• Maintain close working relationships with appropriate teams across and outside of IT.
• Work closely with all areas to ensure clear risk visibility with all IT staff.
• Provide Continuous Control Monitoring through Key Risk Indicators, providing challenges to KRIs.
• Establish and monitor key risk indicators and implement corrective action plans to mitigate risks.
• Work closely with Group Risk Management, ensuring that IT Risks are reported as required to the Group Risk Board Committee and aligned with Risk appetite and Risk tolerance levels
• Maintain an awareness of potential Emerging Risks and ensure these are recorded, visible, and considered in all new technology initiatives and financial planning activities
• Provide oversight of all Risk Events, ensuring they are recorded, investigated, closed off, or escalated as necessary

Required Skills & Experience

• Strong technical background with 5 + years of experience in risk management with proven IT risk and/or IT governance skills.
• Certified CRISC/CISA/CISM/CISSP or other relevant qualifications.
• An Information Security GRC position with strong knowledge of ISO27001, NIST, OWASP, and PSI-DSS
• Knowledge of risk management/cyber security controls and tooling is desirable.
• Has strong policy writing experience
• Can communicate with Senior Stakeholders about Information risk.
• Can build relationships with stakeholders at all levels.
• Ability to communicate complex information to a variety of audiences.
• Can work in a fast-paced environment
• Knowledge and understanding of Privileged Access Management, Patch Management, SOC Visibility, and Business Continuity
• Knowledge of Control/Vulnerability Assessment and Penetration Testing methodologies
• Experience using and configuring information security and risk management tools like Nessus, Tenable, Acunetix, BULP suite, Nipper tool, and more to generate and report IT risks.
• Able to work in a cross-cultural and cross-functional environment.

Benefits

• Private Health Insurance
• Paid Time Off
• Training & Development.
• Career Development Opportunities.

Application Closing Date
Not Specified.

How to Apply
Interested and qualified candidates should:
Click here to apply online

More in Jobrecruitmenthub