Responsible for security control implementation, security monitoring, and incident handling to ensure the confidentiality, integrity, and availability of the company's information assets.
• Design, manage and implement security controls in accordance with relevant security regulations, standards and frameworks (CBN-OFI, ISO27001, NDPR, PCI DSS) to safeguard and monitor events for information systems, enterprise applications, and data for the company.
• Support the implementation of a comprehensive information security program
• Partner with relevant stakeholders to maintain and improve the security posture of our Businesses and IT. This includes the operational implementation of security policies and best practices.
• Evaluate the security posture of vendors and third-party partners. Establish and enforce security requirements in contracts and agreements.
• Develop appropriate measures to understand the effectiveness of securing our businesses through the availability of systems.
• Lead the implementation and management of security monitoring tools and technologies. Monitor security logs, incidents, and alerts to detect and respond to security threats.
• Collaborate with IT teams to integrate security considerations into the design and architecture of systems, applications, and infrastructure. Conduct security reviews of proposed IT projects and provide recommendations for improving security.
• Implement comprehensive vulnerability management systems across all assets on-premises and in the cloud.
• Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
• Conduct a periodic review of the IT Security management framework and ensure it is updated in line with industry trends and regulatory requirements.
• Document security breaches and assess the damage they cause.
• Prepare reports for management attention on residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
• Participate in IT security investigations and compliance reviews as requested by internal or external auditors.
• Conduct research, assess new threats and security alerts, and recommend appropriate actions to mitigate them.
• Raise the security awareness and education level of employees.
• Develop and maintain an incident response plan. Lead the response to security incidents, conduct investigations, and implement corrective actions to prevent future incidents. Coordinate with internal teams and external stakeholders as necessary.
• Have in-depth knowledge of our company’s policies, procedures, or overall IT environment. Adherence to all applicable Policies and Procedures is mandatory.
• Actively participate in the selection of information security solutions partners to manage and deliver IT security projects within the organization.
• Interface with other teams within and outside the IT department in the process of delivering security solutions.
KEY PERFORMANCE INDICATORS (KPI)
• Security incident reduction
• Mean time to detect (MTTD) and Mean Time to Respond (MTTR)
• Security Audit Findings closure
• Compliance and Regulatory Requirements adherence
• First-Time Fix Rate.
• Employee Awareness training effectiveness
• Bachelor’s degree in computer science or related field.
• Three (3) to Six (6) years of relevant work experience with enterprise information security implementation.
• Industry-recognized security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar certifications are highly desirable.
• Experience in information security or related field.
• Experience with computer network penetration testing and techniques.
• Experience in researching new or emerging technologies and processes that may be incorporated as solutions to recurring security concerns.
• Security incident and event management skills.
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
• Very good conceptual and analytical thinking skills.
• Good interpersonal and communication skills