Information & Technology Risk Manager at Safaricom Telecommunication Ethiopia

Safaricom Telecommunication Ethiopia

Position: Information & Technology Risk Manager

Job Time: Full-Time

Job Type: Permanent

Place of Work: Addis Ababa, Ababa Abeba - Ethiopia

Posted date: 8 months ago

Deadline: Submition date is over

Role purpose:

The purpose of the Information security and Technology risk Management function is to bring the organization’s information security and technology risks under explicit management control. The role is in charge of providing line management and leadership for the function and liaising closely with other managers across the business and in particular in Technology.

The position is responsible for assuring oversight on Information Risk by implementing a comprehensive program to assess and mitigate current and emerging risks that impact the integrity, availability, accountability and confidentiality of information assets and the information environment in accordance with compliance and regulatory requirements.

Key accountabilities and decision ownership:

• Review and ensure adequate policies are implemented to manage Information risk across the company.
• Provide guidance in the interpretations of current policies related to specific situations as they arise.
• Create awareness on the policies in place across the company.
• Contribute to and critique the development of Information management policies, standards, Guidelines and procedures across the company and the monitoring thereof.
• Conduct policy exception reviews
• Coordinate/facilitate enterprise information risk assessments at regular intervals to assess and track the health of information management across the company bi[1]annually.
• Follow up and ensure agreed-upon action points are implemented effectively and on time.
• Perform ad-hoc risk assessments as per management’s request.
• Offer guidance on security risks on emerging threats and advise the business accordingly.
• Develop and embed appropriate Information Risk awareness initiatives across the business.
• Extend the security awareness culture to the customers.
• Offer specialist guidance & advisory to other business units for timely assurance of key/special projects.
• Offer guidance on the planning, implementation, monitoring and review of ISMS.
• Provide and support the custodians of information security monitoring tools in defining and coming up with metrics for measuring the organization's defense effectiveness and preparedness.

Must have technical/professional qualifications:

• Degree in IT, Business Information Systems (or related technical field) from a recognized university
• At least 4 years of proven working experience in the operational management of Information Systems / Information Security / Information Systems Audit role, or proven experience in business process assurance and/or risk analysis preferably in a telecommunications environment.
• Detailed knowledge of GSM and IT Networks is essential. Desired
• Experience on IT risk management, IT audit or business continuity management.
• Excellent documentation, communication, and stakeholder engagement skills.
• Working experience in Telecommunication/ Technology/ IT security.
• Professional certification in information management (CISA, CISM or CISSP CIMP, CDMP, CRM).