Head, Security and Risk/Chief Information Security Officer at Electronic PayPlus Limited
Electronic PayPlus Limited is a foremost electronic payment company with years of experience in the industry. We are a card-based solutions provider primarily focused on providing total payment solutions to the banking industry and other payment institutions. We offer a wide variety of plastic cards from the simplest PVC to the most sophisticated smart contact and contact-less cards.
We are recruiting to fill the position below:
Job Title: Head, Security and Risk/Chief Information Security Officer
Location: Lagos
Job Description
- Direct and approve the design of security systems;
- Ensure that disaster recovery and business continuity plans are in place and tested;
- Review and approve security policies, controls and cyber incident response planning;
- Approve identity and access policies;
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities;
- Maintain a current understanding the IT threat landscape for the industry;
- Ensure compliance with the changing laws and applicable regulations;
- Translate that knowledge to identification of risks and actionable plans to protect the business;
- Schedule periodic security audits;
- Oversee identity and access management;
- Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced;
- Manage all teams, employees, contractors and vendors involved in IT security, which may include hiring;
- Provide training and mentoring to security team members;
- Constantly update the cyber security strategy to leverage new technology and threat information;
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget; and
- Communicate best practices and risks to all parts of the business, outside IT.
- Conduct quarterly vulnerability and risk assessment
- Conduct bi-annual verification of IT assets in conjunction with IT and IAC departments, and submit accurate reports.
- Quarterly independent checks of network devices, user accounts and permission level of critical business machines; and submit report on findings.
- Review of Internal Security Manual with every new staff and conduct bi-annual/annual security awareness trainings.
- Review critical patch updates for vulnerability before updating the patch on all critical systems.
- Incidence management and prompt resolution.
- Conduct a quarterly inspection on all security devices to confirm they are working properly, and submit a comprehensive report to management.
- Monthly configuration review of all the Active Devices with the IT Manager.
- Review the weekly card access activities and submit report to the IAC and HR.
- Review key custodians suitability every quarter.
- Monthly review of the network diagram.
- Annual test of BCP and ERP rehearsal.
- Closure of audit non-conformity within stipulated time (MasterCard, Verve, VISA and interval audit.
- Review of the ISMS annually and compliance with the policies (clear desk policy, screen lock out etc.).
- Review network scan (GFI LAN Guard) report monthly.
- Monthly review of wireless (airtight) scan report.
- Review of quarterly external network (ASV) scan with IT & IAC for quick remediation of non-conformity.
- Conduct risk assessment and submit report to MD and BOD committee.
- Attend BOD committee quarterly meetings.
- Review of the annual penetration and vulnerability test report with IT & IAC, ensuring quick remediation of non-conformity.
Requirements
Academic Qualification:
- Bachelor’s degree or HND in Computer Science
Professional Qualifications:
- CISSP Certification
- CISM Certification
- CISA Certification
- Cisco Certification
Experience:
- 7 years cognate experience in Information Security.
Key Skills and competencies:
- Confidence
- Excellent technical skills
- Organizational skills
- Planning skills
- Interpersonal skills
- Communication skills
- Problem solving skills
- Team working skills
- Attention to details
- Understanding of the code, specification and regulations related to the payment card industry
- IT skills.
Application Closing Date
15th November, 2019.
The post Head, Security and Risk/Chief Information Security Officer at Electronic PayPlus Limited appeared first on Jobs in Nigeria – http://jobsinnigeria.careers.