Operation: Zain - Sudan
Job Group: Strategy & Business Development
Location: Khartoum - Sudan
Contract Type: Full Time
Closing Date: 02-Nov-2017
What To Do:
You will be accountable for Developing, implementing and maintaining an ERM framework and supporting policies and procedure Also Developing maintaining, supervising and executing a comprehensive process for identifying, assessing, mitigating, monitoring and reporting on risks that may impact on company performance including business risk. In addition to provide an effective InfoSec events and incidents management; with end-to-end management of controlling or directing how security events and other incidents should be handled.
How
- If you hold this position your main tasks and duties will be :
- Develop and implement a strategic and annual ERM plan
- Develop and implement risk assessment methodologies, models and systems
- Assess and maintain the risk maturity profile of the organization
- Facilitate the compilation of strategic and operational risk registers
- Facilitate the identification of risks utilizing appropriate tools and techniques then facilitate the assessment of identified risks
- Facilitate the development of risk response strategies (mitigation plans)
- Report all relevant ERM matters including; findings, risk positions and recommendations to relevant stakeholders
- Maintain a risk management philosophy and culture within the Company
- Manage the coordination of risk management with all assurance providers and coordinate the activities of the Risk Management Committee and perform the Secretariat function
- Document and ensure the communication of Key Risks to all departments
- Conduct statistical analysis to quantify risk using statistical models or analytical tools/models
- Consult different departments to ensure that risk assessment process is part of day to day activities
- Track, monitor and assess the adequacy of risk mitigation plan and controls
- Incident detection, gathering, investigation, analyze, classifying and recording
- Clearly systematically identifying the root cause analysis of all incidents.
- Incident ownership, monitoring, tracking, communication, resolution and recovery
- Development and maintenance of incident framework management
- Participate in a resolution of those incidents that cannot be resolved quickly by the help desk or by designated technical support groups in order to restore the service in an acceptable time frame
- Incident to Problem evaluation and escalation
- Documenting all incident in a professional manner
- Design creative security awareness tools for staff and other concern parties
- Conducting information security audit across the organization
What Do I Need
You will be required to have:
- B.Sc . in Computer Engineering / Science or information technology with minimum 2 years of experience in same or related role.
- Experience in Design, Implementation and Audit of ISO27001/ BS7799 or ISO 31000 based on ISMS.
- Strong data network implementation / support experience. CISSP, CISA, MoR, GRISC certification an advantage.
- Good understanding of Strategy and Risk Management process and procedure.
- Previous experience in a telecomm network environment is preferred
- To develop, interpret and apply best practice methods/processes .
Those Soft Skills
- Highly developed communication and reporting skills (verbal and written) in both Arabic and English .
- Excellent planning and orginization skills.
- Conflict handling and resolution skills .
- Analytical thinking & problem solving skills .
- Tenacity, Resilience and Self Management.
- Strong interpersonal skills.
- Ability to prioritize work.
- Highly developed skills in use of relevant IT packages including Excel, Access, Word, PowerPoint etc.