IT Risk Specialist

Job Summary

The IT Risk Specialist at Dangote Cement Plc will lead the identification, assessment, and mitigation of technology and cybersecurity risks across cement production plants and corporate operations. This role ensures that IT systems supporting manufacturing, logistics, and enterprise functions are secure, resilient, and aligned with the Group’s risk appetite and regulatory requirements.

Key Responsibilities

• Conduct objective, fact-based risk assessments on new and existing systems and share findings with all stakeholders within the information system.
• Managing the IT Risk environment, including related policies, standards, and processes.
• Manage the risk portfolio to include linking risk to controls, coordinating control owners to conduct RSCAs, and appropriately documenting control statements.
• Understand and provide advice on managing cybersecurity risks; collaborate with other IT professionals as needed to address new emerging threats.
• Manage the self-identified issue process; acceptance of issues; tracking SIIs and audit issues to closure.
• Develop and implement a cybersecurity defence strategy, including business continuity and disaster recovery procedures.
• Identify threats and conduct risk assessments to address cybersecurity risks.
• Work with the team to improve the security posture of the business and reduce its risk profile.
• Conduct on-site security assessments to measure the effectiveness of the third party's current control environment.
• Knowledge and experience in information security standards. (ISO 27001, NIST, CIS, OWASP Top 10, Security Essentials)
• Maintain close working relationships with appropriate teams across and outside of IT.
• Work closely with all areas to ensure clear risk visibility with all IT staff.
• Provide Continuous Control Monitoring through Key Risk Indicators, providing challenges to KRIs.
• Establish and monitor key risk indicators and implement corrective action plans to mitigate risks.
• Work closely with Group Risk Management, ensuring that IT Risks are reported as required to the Group Risk Board Committee and aligned with Risk appetite and Risk tolerance levels
• Maintain an awareness of potential Emerging Risks and ensure these are recorded, visible, and considered in all new technology initiatives and financial planning activities
• Provide oversight of all Risk Events, ensuring they are recorded, investigated, closed off, or escalated as necessary

Required Skills & Experience

• Strong technical background with 5 + years of experience in risk management with proven IT risk and/or IT governance skills.
• Certified CRISC/CISA/CISM/CISSP or other relevant qualifications.
• An Information Security GRC position with strong knowledge of ISO27001, NIST, OWASP, and PSI-DSS
• Knowledge of risk management/cyber security controls and tooling is desirable.
• Has strong policy writing experience
• Can communicate with Senior Stakeholders about Information risk.
• Can build relationships with stakeholders at all levels.
• Ability to communicate complex information to a variety of audiences.
• Can work in a fast-paced environment
• Knowledge and understanding of Privileged Access Management, Patch Management, SOC Visibility, and Business Continuity
• Knowledge of Control/Vulnerability Assessment and Penetration Testing methodologies
• Experience using and configuring information security and risk management tools like Nessus, Tenable, Acunetix, BULP suite, Nipper tool, and more to generate and report IT risks.
• Able to work in a cross-cultural and cross-functional environment.

Benefits

• Private Health Insurance
• Paid Time Off
• Training & Development
• Career Development Opportunities