Head, Information Security Officer at Payment Access System Limited (PaySys)

Job Summary

• The Head is responsible for establishing, leading, and maintaining the company’s information security strategy, governance framework, cybersecurity architecture, and risk-management processes.
• The role ensures that digital financial services, data, infrastructure, and fintech products are secure, compliant with regulatory standards, and resilient against cyber threats.
• The Headprovides leadership in safeguarding customer data, ensuring transaction security, and protecting the organization from operational, cyber, and fraud risks.

Key Responsibilities

• Develop and implement the overall cybersecurity strategy aligned with business and regulatory requirements.
• Establish information security policies, standards, and controls in line with ISO 27001, PCI-DSS, NDPR, and CBN guidelines.
• Lead security governance programs and ensure continuous compliance with industry regulations.
• Oversee day-to-day cybersecurity operations including threat monitoring, detection, response, and remediation.
• Implement and manage SIEM, SOC operations, IDS/IPS, vulnerability scanners, and endpoint protection systems.
• Lead incident response and coordinate recovery efforts for cyberattacks, breaches, and fraud attempts.
• Conduct enterprise-wide security risk assessments covering infrastructure, applications, products, and third-party providers.
• Ensure adequate controls around KYC/AML data, payment processing systems, cloud environments, and APIs.
• Collaborate with Compliance to ensure alignment with CBN, NDPR, and global data protection standards.
• Design secure architecture for fintech platforms: mobile apps, payment gateways, POS systems, wallet systems, and APIs.
• Ensure encryption, secure coding practices, access control, identity management, and endpoint protection.
• Work with Engineering/DevOps to implement secure DevOps (DevSecOps) practices.
• Oversee fraud detection systems, transaction monitoring tools, and anomaly detection.
• Collaborate with Operations to reduce fraud incidents within agent networks, merchants, and digital channels.
• Investigate security breaches, fraud attempts, and unauthorized access incidents.
• Conduct third-party security assessments for service providers, aggregators, and banking partners.
• Ensure security clauses are included in SLAs, vendor agreements, and API integration documents.
• Develop and maintain Business Continuity (BCP) and Disaster Recovery (DR) frameworks.
• Conduct periodic cybersecurity drills, penetration tests, and system recovery testing.
• Lead and mentor the information security team.
• Drive organization-wide cybersecurity awareness and training programs.
• Provide security briefings to senior management and the board.

Qualifications & Requirements

• B.Sc. / HND in Computer Science, Information Security, Cybersecurity, Engineering, or related fields.
• Advanced degree (MSc/MBA) is an added advantage.
• Minimum 8–12 years in cybersecurity, with at least 5 years in leadership roles.
• Experience in fintech, banking, payments processing, or technology security.
• Strong knowledge of:
  • ISO 27001/27002
  • PCI-DSS
  • NDPR / GDPR
  • CBN information security guidelines
  • OWASP, NIST frameworks
• Relevant certifications (strongly preferred):
  • CISM, CISSP, CEH, CRISC, ISO 27001 Lead Implementer/Auditor.
• Experience with cloud security (AWS, Azure), SOC operations, penetration testing, and DevSecOps.