Oluchukwu Asuzu

Initiate the Preliminary risk and privacy impact assessment for new products & projects in Gate 4, providing risk analyst opinion and thereafter document risk report and recommendations

• Perform Threat risk assessment of existing critical system / application upgrade and ensure the security requirements are adhered to before Go-live
• Perform Operating Technology critical application risk assessment in line with NIST/ISO27001 cyber security standards and the NERC CIP, review all the existing controls and ensure its in place
• Conduct vendor maturity assessment and risk assessment for all prospective and existing vendor to assess security posture and ensure are aligned with the company’s cybersecurity framework
• Any security control gap is thereafter identified for mitigation
• Collect the necessary security and auditing information i.e
• SOC 2 Type 2 report ISO certifications, security policies) from third parties, analyze it, and confirm if the control is sufficient to address the requirements
• Partner with the Procurement & Legal team on the vendor onboarding requirements to ensure the process is aligned with Emera/NSPI Third party risk framework
• Coordinate the Risk treatment plan and ensure its approval and update in the risk register with risk ownership assigned
• Track and monitor risk mitigation plans and ensure that recommendations are implemented
• Review the vulnerability exception request submitted by the application owners and action based on the information provided
• Support the cyber awareness training, including the new hire training education program
• Develop monthly cybersecurity risk reports for the enterprise yber risk manager and senior leadership team
• Review current process and collaborate with our partners and other affiliates on the security GRC tools to maintain and enhance controls
• Maintain current knowledge on industry trends and emerging techniques and tactics used by cyber attacker to gain systems access
• Stay on top of changes in the industry as it relates to security.

• Develop and drive the overall resilience strategy ensuring alignment with the overall company’s strategic objectives to achieve best in class in BCM capabilities
• Collaborate with business units to integrate resilience into business plans
• Review the setup to ensure its robustness, nomination of Crisis Management Team & Experts, Business Continuity Correspondents & Champions, and ensure appropriate resilience tooling is available to reach employees
• Develop, review, update the Operational Resilience policy, Crisis Management policy, Crisis communication policy & handbook, Incident management policy and present to the management for approval
• Establish processes for the assessment and analysis of critical business functions, processes, services, systems, resources, and dependencies to determine potential risks, impacts, and recovery priorities
• Oversee the development, maintenance, and testing of the business continuity plans including emergency response and disaster recovery plans to ensure our critical assets are resilient and can continue during disruptions
• Facilitate the desktop simulation exercises for all business units handing critical processes and document improvements need(s) to be addressed accordingly
• Lead the design and implementation of disaster recovery plans for critical technology systems, ensuring timely recovery and minimal data loss
• Work with the IT department to design and conduct regular testing and validation exercises to assess the effectiveness of business continuity and IT disaster recovery plans
• Establish and manage a robust crisis management framework that includes clear communication protocols, crisis handbooks & Scenarios, escalation procedures, and a command structure
• Lead and coordinate incident response efforts during business disruptions, disasters, or other emergencies
• Identify potential risks and threats to the company’s operations, reputation, and assets
• Perform existing and new 3rd party vendor risk assessment in line with the Group’s criticality framework to ensure vendor risk is reduced to the barest minimum
• Develop and deliver training programs to enhance and promote the culture of preparedness and educate employees at all levels about their roles and responsibilities in business resilience efforts
• Update the self-assessment report showing progress, and metrics and maintain accurate records, documentation, and audit trails to demonstrate compliance
• Contribute to the budget management for operational resilience initiatives, ensuring optimal allocation of resources to address identified risks and enhance organizational resilience
• Development and Implementation of the IT Service continuity framework, Backup strategy and ensure IT Testing & Disaster recovery exercise is carried out on a regular basis
• Ensured all tools SWN, Noggins and Clear View are deployed and operationally active
• Foster strong partnerships with key stakeholders, including senior leadership, department heads, regulatory bodies, and external partners
• Collaborate to ensure a consistent and coordinated approach to resilience across the organization
• Stay current with industry best practices, emerging technologies, and regulatory changes related to operational resilience
• Maintain compliance with relevant laws and regulations and implement appropriate risk management measures.

• Ensure IT implement the Minimum Technical Security controls & instructions for the network & infrastructure and document regular status report and update to AXA Group and the Local Risk Committee
• Implement the ISO 27001 security assurance framework comprising the 114 controls and ensure are embedded within the local IT process
• Lead the annual ISO 27001 self/independent assessment project and drive the execution of remediation actions from the responsible stakeholders ensuring 100% compliance to improve the overall maturity level
• Perform vendor security risk assessment & due diligence in line with the Group framework and collaborate with the Procurement, Legal and Compliance team to review all external vendors
• Ensure proper IT security clauses are built into contracts and agreements with vendors
• Advise the IT and Digital Automation team during RFP processes and new IT projects that require Information Security input and provide guidance by referring to the group Architecture Review Board process
• Review and update of the Information Security policy and other related security policies in line with ISO 27001 standards and present to the local Risk and Compliance committee for validation
• Create security awareness by leveraging on the Group training programs and other local training opportunities Facilitates both physical/virtual training for new & existing employees
• Act as the single point of contact on all security audits by preparation/discussions with the auditors and coordinating the post-audit remediation action items among stakeholders to ensure all local audit issues are properly addressed on a timely basis
• Work with the IT to Implement the relevant security controls i.e., NIST-CSF 800, COBIT & PCI DSS
• Monitor and evaluate access rights to ensure that roles & responsibilities are in line with users' job functions
• Coordinate the execution of penetration testing and vulnerability assessment activities i.e., approval of the scope of the test, approval of the service level agreement, provide support and ensuring that all critical and high vulnerabilities are remediated within the acceptable timelines
• Provide Information Security updates and report to the Audit, Risk and Compliance and Board Audit and Risk Committee
• Coordinate the annual Crown Jewel Identification exercises for all the company subsidiaries and provide support required for the Data Leakage prevention (DLP) project
• Oversee the implementation of the security priorities and class A tools i.e., WAF, IDP/IPS, DDoS, Endpoint-protection, EDR, Data Classification, Network segmentation, PUAM, SOC, MFA, Disconnected Backup etc.

• Coordinate the annual risk control & self-assessment exercise and provide training and support to Process owners (Risk Correspondents & Champions) in fulfilling the risk template
• Document the High-Risk profile collaborating with the risk owners to ensure appropriate treatment and control is implemented to address and reduce the risk
• Collate the key risk from the various business units & other subsidiaries, flagging and escalating the risk above tolerance level to management via the Audit Risk and Compliance meetings
• Document & engage relevant business units on the Risk Quantification scenario exercise i.e
• (cyber risk, pandemic & breach of data protection) and report to AXA Group during engagement sessions
• Perform risk assessment for new assets and ensure all risk issues are addressed by the IT team before go-live of applications
• Perform risk assessment in all AXA Nigeria locations and ensure all Black & Red risk are treated by the concerned stakeholder(s)
• Develop and review the Business Continuity Plan and collaborate with IT on Disaster Recovery procedure as well as ensuring that the disaster recovery simulation is conducted biannually
• Provide Risk management updates to the Board Committee Meetings and the AXA Regional team
• Promote the culture of Risk Management by raising awareness via intranet, screensavers, internal communications and facilitate training for both employees and management
• Appointment & training of Safety Marshals & Deputies and ensure Fire Drills and safety assessment are conducted in all AXA Nigeria locations and reports disseminated to the concerned stakeholder(s).