IT Governance, Risk & Compliance Specialist at Dangote
Dangote
The IT GRC Specialist is responsible for leading the design, implementation, and continuous improvement of IT governance, risk management, and compliance frameworks across the Group.
The role ensures that IT operations align with enterprise risk management objectives, regulatory requirements, and international standards (e.g., ISO 27001, NIST, COBIT) while providing strategic oversight of IT controls, risk posture, and compliance performance.
The Specialist acts as a key advisor to IT leadership, Internal Audit, and business stakeholders, ensuring that technology risks are proactively managed and compliance obligations are consistently met across the Group.
Key Duties and Responsibilities
Governance & Policy Leadership
Lead the development, implementation, and continuous improvement of IT governance frameworks, policies, standards, and procedures
Ensure alignment of IT governance practices with enterprise risk management and business objectives
Drive adoption and enforcement of IT policies across business units, plants, and shared services
IT Risk Management Oversight
Define and maintain the Group's IT risk management framework and methodology
Review and validate IT risk assessments across infrastructure, applications, and cloud environments
Provide oversight of the IT risk register and ensure timely remediation of high-risk items
Advise leadership on risk exposure, mitigation strategies, and residual risk acceptance
Compliance & Control Governance
Define IT control standards aligned with ISO 27001, NIST, COBIT, and regulatory requirements
Oversee IT General Controls (ITGC) framework and ensure effectiveness of key controls
Review control testing results and ensure remediation of identified gaps
Monitor overall IT compliance posture across the Group
Audit & Regulatory Engagement
Act as primary liaison for Internal Audit, External Audit, and regulatory assessments
Review audit findings and drive remediation strategies across IT functions
Ensure audit readiness and completeness of governance documentation
Data, Cloud & Third-Party Risk Compliance
Provide oversight on cloud governance, data protection, and third-party risk management practices
Ensure shared responsibility models are clearly defined and enforced
Review vendor compliance with cybersecurity and regulatory requirements
Governance Reporting & Advisory
Provide executive-level reporting on IT risk, compliance posture, and control effectiveness
Present dashboards and insights to GCIO, risk committees, and leadership teams
Provide advisory support to IT and business stakeholders on governance and risk matters
Key Requirements
Education and Work Experience
Qualification and minimum experience for the Job Role
Bachelor's degree in IT, Computer Science, Engineering, Information Systems, Accounting/IS, or related field.
6 - 10 years' experience in IT governance, IT audit, risk management, or compliance.
Certifications in CISA, CRISC or CISM; ISO 27001 Lead Implementer / Lead Auditor; COBIT Foundation
Experience in complex environments (manufacturing, refinery, cement, FMCG, logistics) preferred.
Functional Competencies
Strong knowledge of IT governance frameworks (COBIT, ISO 27001, NIST)
Enterprise risk management and control design
Audit and regulatory compliance expertise
Stakeholder management and executive communication
Analytical and decision-making capability