Information Security Manager at Nigerian Exchange Group (NGX Group)

About the Job

• The Information Security Manager is responsible for the design, implementation, and maintenance of effective systems security solutions. S/he will also investigate and resolve identified systems security breaches, timely and proactive detection.
• This incumbent will lead the planning and design activities for the enterprise security architecture, under the directives of the Head, Technology Support, Infrastructure & Information Security; participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) in collaboration with other members in Information Security Management.
• The successful candidate will be expected to work actively and closely with the Head, Technology Support, Infrastructure & Information Security to achieve enterprise security goals. S/he must have the ability to think logically and analyse complex situations for effective, sometimes out of the box solutions and work with all stakeholders to develop strategic solution options and delivery plans. This position reports to the Head, Technology Support, Infrastructure & Information Security.

Responsibilities

• Monitor and advice on information security issues related to the systems and workflow to ensure the internal security controls are appropriate and operating as intended.
• Installing firewalls, data encryption and other security measures.
• Coordinate response to information security incidents.
• Expected to stay up-to-date on the latest intelligence, including hackers' methodologies, in order to anticipate security breaches.
• Conduct data classification assessment and security audits and manage remediation plans.
• Responsible for preventing data loss and service interruptions by researching new technologies that will effectively protect a network.
• Proactively take steps to avoid security breaches.
• Maintain up-to date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Identifies potential threats to the confidentiality, integrity & availability of the system and network.
• Identify and architect appropriate security technologies based on risks, policies, and architecture.
• Support IT Architecture Review process and evaluate associated security of the proposed architectures.

Job Specification
To successfully deliver the above goals, the right candidate must have:

• A minimum of HND / Bachelor's Degree in Computer Science, Engineering, Mathematics, Physics, or any related discipline.
• A minimum of 5 years’ relevant post NYSC experience in Information Security, desktop, server, and/or network administration.
• Relevant information security-related certification (such as Certified Ethical Hacker, Certified Information Systems Security Professional, CompTIA Security+, Information Technology Infrastructure Library, etc.) is an added advantage.

Desired Competencies and Skill Requirements:

• Experience within the Financial or Services sector will be a distinct advantage.
• Experience in managing/working with senior stakeholders will be a distinct advantage
• Extensive Experience in enterprise security architecture design and enterprise security document creation.
• Solid knowledge of information security principles and practices.
• Installation, configuration, monitoring, and response to security system Understanding of advanced security protocols and standards.
• Experience with IP networking protocols, IPSec, VPNs, Firewalls, proxy services, DNDs, email, and access lists.
• Experience with internet web application, cloud computing, and network security techniques.
• Experience using some or all of the following or similar information security technologies: Active Directory, Intrusion detection/prevention systems (IDS/IPS), Web filtering, Vulnerability scanners, Encryption technologies for data at rest and data in transit, Mobile device, and removable media protection or management systems, Forensic analysis, Firewall, etc.
• Excellent knowledge and experience with security requirements for CISCO technologies, e.g. ASR, NEXUS, WAN, and Access routers, Checkpoint, Linux e.g. Suse and Ubuntu, Windows Server Security, and Desktop environments.
• Solid understanding of Configuration Management and testing methodologies both manual and automated.
• Experience in carrying out Codes Review.
• Strong knowledge of the business environment and technical infrastructures including software development, computer operations, network operations, and telecommunications.
• Experience in carrying out Security Audits and proactive hacking prevention will be advantageous.