Job Description/Requirements
About us
Hugo is transforming the future of a continent by re-envisioning the future of its work. We exist to provide BPO excellence to our customers by investing heavily in the very best of African talent.
African communities currently reap less than 2% of a global BPO market worth a staggering $430 billion annually. We are changing this.
Specializing in digital and AI operations, omnichannel customer support, and trust & safety solutions for some of the world’s largest tech and media companies, we are providing the continent’s university educated youth with the skills necessary to build a meaningful career in the global digital economy. All whilst delivering industry-beating excellence for our clients.
What you’ll be doing
Over the last two years, Hugo has experienced tremendous growth. We’ve grown to a community of 1,500+ FTEs, expanded into new countries, and evolved our client base from just unregulated start-ups to publicly listed tech behemoths. To maintain this trajectory, we need to “level up” our IT infrastructure and operations, and we are looking for an experienced IT enthusiast to help build our risk and compliance capability, as we prepare for the next stage of growth.
Reporting directly to the Global Head of IT, this position leads, advises on, maintains, and reports on Hugo’s IT controls implementation, risk management, and compliance efforts. The position works closely with the Executive Leadership Team and business leaders, while leading IT gap assessment programs and risk workshops/forums.
As part of Hugo’s overarching risk management and governance framework, this role serves as a second line of defense that provides independent oversight and guidance on managing IT risks.
KEY RESPONSIBILITIES
Leadership & Development
- Work with the Global Head of IT and business leaders to foster a culture of compliance across Hugo.
- Provide guidance and training to employees/relevant stakeholders on compliance policies, procedures, and risk-related matters.
- Advise process owners on the design and implementation of IT controls (manual and automated) into processes and systems that support the achievement of business objectives.
- Lead risk assessments for all enterprise technology systems and processes, particularly those handling sensitive customer data (e.g., personally identifiable information).
Stakeholder Communication & Reporting
- Manage the quarterly ISMS management review and reporting on the organization's technology risk register.
- Monitor and report on the organization's technology (IT and information security) compliance obligations, including those related to legislation, licensing, and internal policies to the Global Head of IT and Chief Trust Officer (CTO).
- Provide regular reports on operational IT risks and security posture to the Global Head of IT.
- Where applicable, liaise with clients, auditors, and/or regulators to demonstrate conformance with applicable requirements, addressing inquiries and requests for information.
Policy Development & Enforcement
- Develop, implement, and maintain IT risk and compliance policies and procedures that align with industry best practices and regulatory requirements.
- Assist IT process owners in the creation and maintenance of policies, processes and procedures.
- Ensure proper documentation, permission control, and communication of policies across the organization.
- Monitor adherence to established policies, conducting internal reviews and audits to ensure compliance.
- Work with legal, people, service delivery, and strategic operations teams to embed IT risk and compliance requirements into organizational policies and procedures.
Compliance Management
- Develop and implement an IT compliance management and monitoring framework, overseeing the organization’s compliance efforts based on industry standards (e.g., ISO 27001, PCI-DSS, SOC 2, HITRUST).
- Monitor and report on the organization’s legal and regulatory compliance obligations, including those related to legislation (e.g., GDPR, NDPR, Cybercrime Act, NCC).
- Lead initiatives to secure sensitive customer data (e.g., cardholder data, personally identifiable information) according to applicable regulations.
- Maintain up-to-date knowledge of relevant regulations and best practices in IT risk and compliance, ensuring that the organization’s practices remain fit-for-purpose.
IT Risk and Governance
- Define a strategic roadmap and plan to deliver on IT Risk and Compliance objectives.
- Develop and implement an IT risk management framework to identify, assess, manage, and mitigate risks related to IT systems and data security.
- Perform general Risk Control Self-Assessment for the IT department covering people, process, technology, and suppliers, assigning risk severity scores and tracking mitigation plans.
- Provide advice and undertake regular reviews with risk owners to ensure the effectiveness (and documentation) of internal controls.
- Collaborate with IT and security operations teams to design and implement appropriate controls to protect against confidentiality, integrity, and availability incidents.
What you’ll need to apply
- 10 years' experience in a Risk and Compliance role, with at least 3 years interacting with business leaders and the executive leadership team.
- Hands-on individual contributor with strong communication (written and verbal) skills and the ability to work in a business partnering capacity whilst maintaining essential independence.
- Demonstrated track record of influencing stakeholders from different backgrounds and functions to drive risk-aware business outcomes.
- Demonstrated experience preparing and presenting risk reports to an executive and/or business leaders.
- IT GRC background with expert-level knowledge of industry practices, IT processes, compliance frameworks and standards (e.g., COBIT, NIST, PCI-DSS, ITIL, ISO 27001).
- CISA, CRISC, CGEIT, or other relevant industry security-focused certifications preferred.
- An ability to lead strategically, with a commercial focus.
What SUCCESS LOOKS LIKE
- Risk Management Effectiveness: Reduction in IT risk exposure and security incidents.
- Compliance Adherence: Successful completion of audits with minimal findings.
- Client Satisfaction: Positive feedback from clients on the organization’s security and compliance posture.
- Policy Enforcement: High adherence to internal risk and compliance policies across the organization.
Our interview process
- Recruiter call: A call from one of our recruiters if we believe your profile looks a strong match for the role, during which we’ll evaluate your fit and discuss Hugo in more detail
- Deep dive interviews: Typically, 3 interview stages designed to probe deeply the extent to which you have the skills, mindset, and behaviors to succeed in the role and at Hugo.
- Assessment tasks: During the process we may request that you complete psychometric assessments and/or a presentation and/or task-based exercise
NB: the output of any assessments you complete is treated as confidential and will be used for the sole purpose of best determining your fit for the role and company
- Meet the team: We conclude our process by arranging for you to speak with potential colleagues informally, allowing for greater insight into our culture, environment and, yes, challenges(!)
Equal opportunity statement
Diversity, equity and inclusion are part of our DNA. But we won't be resting on our laurels as we scale. Promoting and, where possible, improving diversity, equity and inclusion is a values-based and commercial necessity.
We’re an equal opportunity employer. So, all applications will be considered without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity, or disability status.
How To Apply
Please submit your resume and a brief cover letter outlining your experience and interest in this role to recruitment@hugotech.co. Be sure to include “Head, IT Risk and Compliance” in the subject line.