Dangote Group | Full-time

IT RISK SPECIALIST AT DANGOTE GROUP | IT RISK JOBS IN LAGOS

Lagos, Nigeria | Posted on 19/05/2026

About Company:

Dangote Group is one of Nigeria’s most diversified business conglomerates, with a hard-earned reputation for excellent business practices and product quality. Its operational headquarters is in the bustling metropolis of Lagos, Nigeria, in West Africa.

Job Description:

We are seeking an exceptionally logical, technically elite, and strategically minded IT Risk Specialist to join our Group IT Risk & Governance division. Operating as the primary architect of technology risk resilience, you will hold absolute operational accountability for identifying, assessing, and mitigating digital vulnerabilities across our manufacturing plants, logistics networks, and enterprise IT functions.

Requirements:

1. Technical IT Risk Assessment & Vulnerability Governance

  • Objective System Auditing: Plan and execute fact-based risk assessments across legacy networks, newly deployed software architectures, cloud environments, and industrial plant systems, sharing findings across the information systems ecosystem.

  • Vulnerability Analysis: Utilize and configure industry-standard information security and scanning tools—including Nessus, Tenable, Acunetix, Burp Suite, and Nipper—to surface, evaluate, and classify infrastructure risks.

  • Third-Party Security Appraisals: Conduct rigorous on-site and remote security assessments on vendors, cloud hosts, and third-party supply chain partners to verify the strength of their control environments.

  • Emerging Threat Surveillance: Maintain a comprehensive registry of potential and emerging cyber threats, ensuring these risks are factored into new technology initiatives and corporate financial planning.

2. GRC Framework Engineering & Control Architecture

  • Policy Architecture Development: Draft, review, and roll out comprehensive IT risk management frameworks, data governance policies, standard operating procedures, and operational control statements.

  • RCSA Orchestration: Design and coordinate the Risk and Control Self-Assessment (RCSA) lifecycle—mapping technical risks to corresponding security controls and guiding control owners through active compliance tracking.

  • Issue Lifecycle Management: Manage the self-identified issue (SII) process, assessing risk acceptances, tracking internal audit issues, and monitoring remediation plans down to verified closure.

  • Control Standards Alignment: Enforce structural compliance across recognized global frameworks, including ISO 27001, NIST, CIS Controls, OWASP Top 10, and PCI-DSS.

3. Cyber Defense Strategy & Incident Oversight

  • Resilience & Recovery Design: Partner with core technical teams to build and optimize robust cybersecurity defense strategies, encompassing business continuity (BCP) and disaster recovery (DRP) failovers.

  • Systems Hardening Advisory: Provide expert technical advice on Privileged Access Management (PAM), enterprise patch management schedules, Security Operations Center (SOC) visibility metrics, and penetration testing methodologies.

  • Risk Event Forensic Governance: Oversee the central Risk Events log—ensuring all system breaches, data leakages, or hardware failures are thoroughly investigated, documented, closed out, or escalated as necessary.

4. Stakeholder Integration & Group Board Reporting

  • Continuous Control Monitoring: Establish, track, and challenge Key Risk Indicators (KRIs), deploying rapid corrective action plans whenever risk thresholds are breached.

  • Group Risk Matrix Synchronization: Partner with the Group Risk Management unit to ensure critical IT risks are accurately structured and reported to the Group Risk Board Committee, fully aligned with DCP's risk appetite and tolerance levels.

  • Cross-Functional Communication: Bridge communication gaps between software developers, plant engineers, and C-suite executives by translating complex technical exploits into actionable business metrics.

Qualifications and Skills:

Education & Professional Accreditations

  • Degree Baseline: Bachelor’s Degree (B.Sc. / B.Eng.) in Computer Science, Cybersecurity, Information Technology, Computer Engineering, or a strictly related quantitative/computing discipline from an accredited institution.

  • Professional Charter (Mandatory): Must possess at least one active, globally recognized risk or information security certification—such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or CISSP (Certified Information Systems Security Professional).

Experience Parameters & System Footprints

  • Domain Longevity: Minimum of five (5) years of progressive, verifiable experience operating directly within an IT Risk Management, IT Governance, or Cybersecurity GRC capacity.

  • Environmental Agility: Direct experience working within a fast-paced corporate infrastructure, ideally spanning multi-location setups, heavy manufacturing, energy plants, telecom networks, or highly regulated tier-1 corporate ecosystems.

Salary

Very attractive

Application Closing Date: Not specified

Application Instructions:

Click the button below to apply


Job Information

Deadline: Not specified

Job Type: Full-time

Industry: ICT/TECH

Work Level: Experienced

State: Lagos

Country: Nigeria
