Head of Information Security at TalentSquare

Location: Lekki Phase 1, Lagos 
Job Type: Full-time

Job Description

• This is a senior-level role. The ideal candidate will be responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems, and assets from both internal and external threats.
• They will be in charge of protecting the organization's computers, networks, and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals.

Responsibilities
Below are the functional objectives that justify this position:

• Correct execution of processes and tasks for information security management:
  • Carry out risk management responsibilities under the organizations Information Security Policy and the information security responsibilities under the CBN Risk-Based Cybersecurity Guidelines.
  • Serve as the primary liaison for the Chief Risk Officer (CRO) to system owners, common control providers, and system security officers; serve as deputy CRO for risk management succession planning.
  • Coordinate with senior management responsible for privacy (including Head of Legal and Head of Product Management) to ensure coordination between privacy and information security programs.
  • Administer security program functions, maintain security duties as a primary responsibility, and head an office with the specific mission and resources to assist the organization in achieving trustworthy, secure information and systems in accordance with the requirements in the organizations Information Security Policy and the CBN Risk-Based Cybersecurity Guidelines.
  • Protect information and information systems from unauthorized system activity or behavior to provide confidentiality, integrity, and availability.
• Participate in system security through the input of subject matter expertise:
  • Ensure the maintenance of the security and privacy posture for all the organizations' information systems, working in close collaboration with the system owners.
  • Serve as a principal advisor on all matters involving the security controls for all the organizations' information systems.
  • Assist in the development of system-level security and privacy policies and procedures and ensure compliance with those policies and procedures.
  • Monitor systems and its environment of operation to include developing and updating security and privacy plans, managing and controlling changes to the system, and assessing the security or privacy impact of those changes.
  • Ensure compliance with privacy requirements and manage the privacy risks to individuals associated with the processing of Personally Identifiable Information (PII).
• Correct execution of processes and tasks for Common Controls:
  • Implement, assess, and monitor security controls inherited by organizational systems and managed the Security Operations Center (SOC) service.
  • Ensure the documentation of organization-defined common controls in security and privacy plans (or the equivalent documents prescribed by the organization).
  • Ensure that qualified assessors with an appropriate level of independence conduct required assessments of the common controls; document assessment findings in control assessment reports; and produce plans of action and milestones for controls having deficiencies.
  • Provide security and privacy plans, security and privacy assessment reports, and plans of action and milestones for common controls (or summary of such information) to the system owners of systems inheriting common controls after the information is reviewed and approved by the authorizing officials accountable for those common controls.
• Correct execution of processes and tasks for security architecture:
  • Ensure that enterprise architecture (including reference models, segment architectures, and solution architectures) and systems supporting the mission and business processes adequately address the protection needs of stakeholders and the corresponding system requirements necessary to protect organizational missions and business functions and individuals’ privacy.
  • Serve as the primary liaison between the enterprise architect and the systems security engineer and coordinate with all system owners and system security or privacy officers on the allocation of controls.
  • Advise the Chief Information Officer, Chief Risk Officer, and other Senior Management roles on a range of security and privacy issues. Such issues include (but is not limited to) establishing authorization boundaries, establishing security or privacy alerts, assessing the severity of deficiencies in the system or controls, develop effective plans of action and milestones, create risk mitigation approaches, and potential adverse effects of identified vulnerabilities or privacy risks.
• Correct execution of process and tasks for cybersecurity compliance:
  • Implement all assurance-related security controls and control enhancements and all security controls and control enhancements implemented by the organization and its people through nontechnical means.
  • Oversee the implementation of all security control and control enhancements implemented by organizational systems through technical means.
  • Manage the security aspects of all the organizations' information system and Security Operations Center (SOC) service, including but not limited to, physical and environmental protection, personnel security, incident handling, and security and privacy training and awareness.

Qualifications

• Possess a Bachelor degree from an accredited university. A Master degree, a postgraduate degree, or other postgraduate university education is a plus.
• Professional certification is necessary to demonstrate proficiency in the functional objectives of the role. Where certification is in progress, evidence must exist of qualification within six (6) months of hire. The following professional designations apply to this role: Certified Information Security Manager (CISM), PCI Internal Security Assessor (ISA) or ISO Lead Auditor, and Certified Information Systems Security Professional (CISSP).
• The following professional designations are a plus: Project Management Professional (PMP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC).

Required Professional Experience:

• A minimum of 13 - 15 years of relevant experience related to the job, of which at least 7 years must be in a supervisory role with direct and indirect reports. Experience must include functioning as an analyst, associate, consultant, manager, and similar roles in risk management, information security, or assurance-related disciplines.
• Demonstrate knowledge of standards or guidelines to ensure information security or to improve processes, particularly ISO 27001, NIST 800-37, NIST 800-53, and NIST 800-53A. In addition, demonstrate knowledge and expertise in project management.
• Must be able to develop technical documentation and non-technical presentations; and, express information in a clear, concise, and organized manner, both verbally and in writing.
• Must be detail-oriented and possess strong organizational and project management skills with the ability to prioritize multiple tasks and projects.
• Will work independently and make decisions regarding complex issues with appropriate consultation of peers, cross-functional teams, and supervisors. Must be analytical and able to analyze complex information, synthesize disparate data sources, and communicate effectively to management, operational, and technical personnel.

Key Competencies:

• Job Knowledge (i.e. applies appropriate depth and scope of professional knowledge to the job; maintain knowledge of organizational operations, policies, and procedures).
• Problem Solving & Judgment (i.e. independently recognizes and diagnoses problems; compiles, analyzes, and evaluates relevant information; exercises judgment in reaching logical conclusions and follows through with timely action.
• Customer Service Skills (i.e. develops and maintains positive internal and external customer relationships; demonstrates competence in listening, understanding, anticipating, and/or resolving customer needs promptly.
• Initiative & Reliability (i.e. demonstrates originality, versatility, and independent action in executing assigned functions, learning new techniques, and applying new and learned techniques to work assignments; meets obligations within agreed-upon timeframes).
• Communication Skills (expresses self in a clear, concise, and organized manner, both verbally and in writing).

Remuneration
The salary is competitive and commensurate with qualifications and experience.