Job Openings at a Financial Institution - PricewaterhouseCooper (PwC) Nigeria

Reference Number: 130-PEO01134
Department: People & Change Nigeria
Job type: Permanent

Roles & Responsibilities

• Develop and maintain application security baseline and standards across all applications within the Organisation.
• Responsible for enforcing application security controls in line with PCI DSS and ISO 27001 standards.
• Conduct risk assessments on in house and third-party applications.
• Responsible for ensuring all newly deployed applications into production environments are adequately tested and critical vulnerabilities observed are properly addressed before Go-Live.
• Conduct Static Code Reviews and security testing from design stage of new application development to ensure vulnerabilities are identified and corrected at the early stage of the development lifecycle.
• Conduct regular dynamic application security testing on production applications to identify and facilitate remediation of vulnerabilities.
• Responsible for integrating security tools, standards and processes into the software development lifecycle (SDLC) and DevOps frameworks.
• Provide security framework for application related projects and liaise with stakeholders to improve secure coding development standards across the organisation.
• Develop a framework for testing third party Application programming interfaces (APIs) and their integration with applications within the organisation’s environment.

Requirements

• A minimum of a degree in Computer Science / Engineering , Information Technology, Electrical Engineering or a related field from a recognized University.
• Professional Certifications in CISSP or CISM will be an added advantage.
• A Second degree is an added advantage
• Minimum of Eight (8) years of relevant IT work experience which may include Information Security, IT Infrastructure Management, IT Vendor Assessment and over two (2) years in a managerial role
• A must have experience in writing and testing web applications and web services in the following programming languages - C++, Java and JavaScript.

go to method of application »

Reference Number: 130-PEO01133
Department: People & Change Nigeria
Job type: Permanent

Roles & Responsibilities

• Responsible for enforcing procedures, standards and best practices across all the Organisation’s systems, network, databases, endpoints and mobile devices
• Responsible for establishing security baselines for servers, network, databases and endpoints
• Conduct quarterly vulnerability assessment scans across all Organisation’s subnets.
• Perform quarterly validation and reviews of the IT asset register
• Perform infrastructure security assessment and reviews for new deployments to production environments and assist in the compilation of an IT asset register.
• Conduct review of Endpoints to identify security configuration deviations from established security baselines
• Conduct reviews of databases to identify deviations from established security baselines
• Perform quarterly review of User Access rights and privileges to infrastructure systems
• Provide oversight responsibility and thought leadership with regards the implementation, operation and maintenance of technical controls to address risks associated with the use of privilege accounts
• Responsible for the implementation and operation of a mobile device management (MDM) solution to safeguard company data on mobile devices
• Responsible for the implementation and operation of a database activity monitoring (DAM) and Privilege Access Management (PAM) solutions to monitor the activities of DBAs on critical database systems and privilege users on Organisation’s systems and networks
• Liaise with the respective IT teams to ensure AD clean-up activities and the enterprise roll out of security patches across all systems and network devices.
• Liaise with the respective IT teams and service providers to ensure quarterly reviews of firewall rules
• Participate in all architecture reviews and discussions on the deployment of enterprise solutions across the bank
• Manage the Organisation’s Antivirus platform and ensure all endpoints and windows based servers have antivirus agents that are installed and are receiving virus definition files regularly from the antivirus server
• Perform other duties as assigned by the CISO or his designate.

Requirements

• A minimum of a degree in Computer Science / Engineering , Information Technology, Electrical Engineering or a related field from a recognised University.Minimum Professional Certifications in CISM, CRISC, CISA or ISSP.
• A Second degree is an added advantage
• Minimum of Eight (8) years of relevant IT work experience which may include Information Security, IT Infrastructure Management, IT Vendor Assessment, Risk and Compliance areas with 2+yrs in Supervisory/Managerial role.

go to method of application »

Reference Number: 130-PEO01136
Location: Nigeria
Department: People & Change Nigeria
Job type: Permanent

Roles & Responsibilities

• Responsible for the development, review and implementation Information security policies, procedures and standards to meet compliance requirements
• Develop and Implement an Information Risk Management program based on established best practice
• Conduct Regular risk identification and assessments of technology environments to identify significant technology related risks
• Conducts risk assessments on third party service providers
• Capture, maintain and monitor an information security risk register and assist in the information classification process for the entire Organisation
• Provide control recommendations for the various information classification levels.
• Conduct Risk assessments for technology projects and assist in establishing control measures to mitigate risks to an acceptable level
• Participate in the design and implementation of infrastructure and applications security solutions
• Develop and improve an information security awareness and training program and implement an automated platform for its delivery across the Organisation

Requirements

• A minimum of a degree in Computer Science / Engineering, Information Technology, Electrical Engineering or a related field of study from a recognised University
• Minimum Professional Certifications in: CISSP, CISM, CISA or CRISC
• A Second degree is an added advantage
• Minimum of Eight (8) years post qualification experience which may include Information Security, IT Infrastructure Management, IT Vendor Assessment, IT Infrastructure Management, IT Vendor Assessment, IT Governance, Risk and Compliance areas with two (2) years’ experience in Supervisory/Managerial role.

go to method of application »

Reference Number: 130-PEO01132
Department: People & Change Nigeria
Job type: Permanent

Roles & Responsibilities

• Lead and manage Organisation’s Security Operations Center (SOC).
• Responsible for incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
• Responsible for compliance to SLA, process adherence and process optimization to achieve the SOC’s operational objectives
• Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Center
• Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
• Responsible for integration of standard and non-standard logs into SIEM
• Creation of reports, dashboards, metrics for SOC operations and presentation to
• Executive Management and Cyber and Information security risk management (CISRM) committee
• Develop and maintain an incidence response program/plan consistent with incident response management processes and standards.
• Build run books for the management of security incidents within the Organisation
• Work with other SOC analysts to create security-related rules to provide alerts on any suspicious activities
• Conduct periodic threat simulation activities to evaluate the adequacy of deployed detective controls
• Establish and maintain a database of detected and reported information security incidents
• Provide support for forensic investigations related to Information security incidents and develop and share security event logging requirements with infrastructure and applications teams
• Liaise with stakeholders for timely isolation, containment and remediation of Indicators of Compromise (IOCs) related to validated threat intelligence information
• Perform other duties as assigned by the CISO or his designate.

Requirements

• A minimum of a degree in Computer Science / Engineering, Information Technology, Electrical Engineering or a related field of study from a recognised University
• Professional Certifications such as CISSP, CISM, CEH or GCIH will be an added advantage
• A Second degree is an added advantage
• Minimum of Eight (8) years of relevant IT work experience which may include Information Security, IT Infrastructure Management, IT Vendor Assessment and over two (2) years in a managerial role.