Head, Security and Risk/Chief Information Security Officer at Electronic PayPlus Limited

Job Description

• Direct and approve the design of security systems;
• Ensure that disaster recovery and business continuity plans are in place and tested;
• Review and approve security policies, controls and cyber incident response planning;
• Approve identity and access policies;
• Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities;
• Maintain a current understanding the IT threat landscape for the industry;
• Ensure compliance with the changing laws and applicable regulations;
• Translate that knowledge to identification of risks and actionable plans to protect the business;
• Schedule periodic security audits;
• Oversee identity and access management;
• Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced;
• Manage all teams, employees, contractors and vendors involved in IT security, which may include hiring;
• Provide training and mentoring to security team members;
• Constantly update the cyber security strategy to leverage new technology and threat information;
• Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget; and
• Communicate best practices and risks to all parts of the business, outside IT.
• Conduct quarterly vulnerability and risk assessment
• Conduct bi-annual verification of IT assets in conjunction with IT and IAC departments, and submit accurate reports.
• Quarterly independent checks of network devices, user accounts and permission level of critical business machines; and submit report on findings.
• Review of Internal Security Manual with every new staff and conduct bi-annual/annual security awareness trainings.
• Review critical patch updates for vulnerability before updating the patch on all critical systems.
• Incidence management and prompt resolution.
• Conduct a quarterly inspection on all security devices to confirm they are working properly, and submit a comprehensive report to management.
• Monthly configuration review of all the Active Devices with the IT Manager.
• Review the weekly card access activities and submit report to the IAC and HR.
• Review key custodians suitability every quarter.
• Monthly review of the network diagram.
• Annual test of BCP and ERP rehearsal.
• Closure of audit non-conformity within stipulated time (MasterCard, Verve, VISA and interval audit.
• Review of the ISMS annually and compliance with the policies (clear desk policy, screen lock out etc.).
• Review network scan (GFI LAN Guard) report monthly.
• Monthly review of wireless (airtight) scan report.
• Review of quarterly external network (ASV) scan with IT & IAC for quick remediation of non-conformity.
• Conduct risk assessment and submit report to MD and BOD committee.
• Attend BOD committee quarterly meetings.
• Review of the annual penetration and vulnerability test report with IT & IAC, ensuring quick remediation of non-conformity.

Requirements
Academic Qualification:

• Bachelor's degree or HND in Computer Science

Professional Qualifications:

• CISSP Certification
• CISM Certification
• CISA Certification
• Cisco Certification

Experience:

• 7 years cognate experience in Information Security.

Key Skills and competencies:

• Confidence
• Excellent technical skills
• Organizational skills
• Planning skills
• Interpersonal skills
• Communication skills
• Problem solving skills
• Team working skills
• Attention to details
• Understanding of the code, specification and regulations related to the payment card industry
• IT skills.