Job Roles at Pishon and Brooks Advisory Services

JOB OBJECTIVE(S)

• The Group Head, Enterprise Risk Management, is responsible for designing, implementing, and overseeing the organization’s enterprise-wide risk management framework. The role ensures that all material risks such as strategic, financial, operational, Payment scheme, and reputational—are identified, assessed, mitigated, and reported in line with regulatory requirements and the company’s risk appetite, while supporting sustainable growth in a fintech environment.

DUTIES & RESPONSIBILITIES

• Develop and maintain a robust Enterprise Risk Management (ERM) framework aligned with the company’s strategy and regulatory expectations.
• Provide independent risk oversight across all subsidiaries and business units.
• Serve as the primary liaison between Management and the Board Risk Committee.
• Identify emerging and evolving risks including market, fraud, operational risks, Payment scheme regulatory risks.
• Proactively share Payment Scheme rule updates/changes to executive management that may negatively impact organisational business objectives
• Oversee Business related risk assessments for new products and business initiatives, and the processes that apply.
• Ensure business, operational and payment scheme regulatory risks associated with new products, digital channels, partnerships, and market expansion are properly evaluated.
• Design and monitor effective risk mitigation strategies and internal controls.
• Ensure integration of risk management into business decision-making and product development.
• Maintain and update the Risk register for Business, Scheme related and operational risks
• Supervise the regular review of key risk indicators associated with respective departments
• Maintain and update all business and operational risk related policies and frameworks e.g. Risk appetite framework
• Oversee the Change management process
• Serve as the primary liaison with law enforcement officials
• Collaborate with Compliance, Human resource Internal Audit, Legal, and Information Security teams.
• Oversee the remediation key risks (i.e. Non-compliance related) associated with transaction Processing, System integrity, MQR & Data integrity
• Prepare and present risk dashboards, reports, and key risk indicators (KRIs) to executive management and the Board when and if necessary.

STAFF ATTRACTION, MOTIVATION AND RETENTION

• Fill vacant roles within the department in a timely manner and provide opportunities for growth and development.
• Provide training, mentorship, and up-skilling programs.
• Recognize and reward individual and team achievements and contribution.
• Encourage open communication and feedback.
• Give employees autonomy and ownership of their work to motivate them.
• Foster a positive work culture that encourages collaboration, innovation, and creativity.
• Regularly engage direct reports to understand their needs and concerns.
• Foster a diverse and inclusive work environment that values different perspectives and backgrounds.

JOB REQUIREMENTS

• Education: BSc/HND in Finance/Economics/Accounting/Risk Management/Computer science /statistics or related fields.
• Certifications: ISO 3100 is mandatory.
• Others: Master’s Degree or MBA, ACCA, CRISC, ACA OR CFA would be an added advantage.
• Experience: Have a minimum of 14 years’ post-NYSC in risk management within fintech, banking, financial services, or technology-driven environments.#

KEY COMPETENCY REQUIREMENTS

Knowledge:

• Enterprise Risk Management frameworks and governance.
• Fintech operational, financial, and strategic risks.
• Regulatory and compliance requirements.
• Risk appetite setting and Board reporting.
• Conducting Risk assessments

Skill/Competencies:

• Deep understanding of enterprise risk frameworks (COSO, ISO 31000).
• Strong knowledge of fintech risks, digital payments and emerging technologies.
• Excellent analytical, strategic thinking, and problem-solving skills.
• Strong stakeholder management, communication, and presentation skills.
• High ethical standards, independence, and sound judgment.

go to method of application »

JOB OBJECTIVE(S)

• The Group Head, CISO is responsible for developing, implementing, and overseeing enterprise-wide information security, cyber risk, and data protection strategy across the group, developing security policies and procedures that provide adequate business application protection without interfering with core business requirements. The role ensures the confidentiality, integrity, and availability of information assets, while maintaining full compliance with regulatory, contractual, and industry security standards relevant to a fintech environment.

DUTIES & RESPONSIBILITIES

• Establish and maintain security governance frameworks, policies, standards, and procedures across all subsidiaries.
• Provide regular cyber risk reporting to Executive Management and the Board.
• Oversee the design and implementation of secure IT and cloud architectures for fintech platforms, APIs, payment systems, and digital channels.
• Approve security controls for applications, infrastructure, endpoints, networks, and data environments.
• Identify, assess, and manage information security and cyber risks, including thirdparty and cloud-related risks.
• Ensure compliance with applicable regulations and standards such as: ISO 27001 / ISO 22301, PCI-DSS, NDPR / GDPR, Central Bank and financial services cybersecurity guidelines.
• Define and execute the Group-wide information security and cybersecurity strategy aligned with business objectives and regulatory expectations.
• Ensure robust data protection, privacy, and information classification frameworks across the Group.
• Establish and enforce third-party security risk management processes.
• Review and approve security requirements for vendors, fintech partners, and service providers.
• Monitor compliance with outsourced services with Group security standards.
• Oversee threat intelligence, vulnerability management, penetration testing, and red-team exercises.
• Lead the Cybersecurity Incident Response Framework, including detection, response, investigation, and recovery.
• Champion responsible for data usage and protection of customer and corporate data
• Work closely with Legal and Compliance to manage data breaches, regulatory notifications, and customer communications.
• Keep abreast of the IT industry development & awareness, trends, latest security and privacy legislation, including legal considerations, e.g. privacy.
• Delivering new security technology approaches and implementing next generation solutions.
• Developing and implementing business continuity plans to ensure service is continuous when a change program is introduced, or a security breach occurs or if the disaster recovery plan needs to be triggered.
• Conducting a continuous assessment of current cybersecurity practices and systems and identifying areas for improvement.

STAFF ATTRACTION, MOTIVATION AND RETENTION

• Fill vacant roles within the department in a timely manner and provide opportunities for growth and development.
• Provide training, mentorship, and up-skilling programs.
• Recognize and reward individual and team achievements and contribution.
• Encourage open communication and feedback.
• Give employees autonomy and ownership of their work to motivate them.
• Foster a positive work culture that encourages collaboration, innovation, and creativity.
• Regularly engage direct reports to understand their needs and concerns.

REQUIREMENT

• Education: Bachelor’s degree in computer science, Information Security, or related field.

Knowledge:

• Excellent interpersonal and written communications skills.
• Solid knowledge of electronic and site security issues, and a firm understanding of the organization’s business requirements.
• The CISO must also be able to stay abreast of any new developments in the rapidly changing security environment to avoid serious and/or costly mistakes as well as focus and determine on what actions could and should be carried out for an organization’s infrastructure at a given time.
• Excellent communication skill to balance between business and security requirements.
• Very strong analytical and creative problem-solving skills.
• Technical Skills: Understanding of failover mechanisms and replication technologies to ensure seamless recovery of IT infrastructure. Familiarity with cloud platforms like AWS, Azure, and Google Cloud, and their business continuity features, including automated backups and high availability configurations. Understanding of cloud-based disaster recovery strategies and the use of multi-region or multi-cloud deployments for business continuity. Basic understanding of network and infrastructure components (e.g., TCP/IP, DNS, firewalls, routers) to identify vulnerabilities in systems that could impact continuity.
• Understanding of integrated Governance, Risk, and Compliance (GRC) platforms for risk assessment and reporting.

go to method of application »

JOB OBJECTIVE(S)

• To provide independent assurance to management on IT General Controls.
• Ensure best assurance practice in the plan and execution of IS Audit Programs.
• Ensure enterprise wide compliance of business processes and operations to internal policies, procedures and documentations.
• Incorporation of standard practices, principles and processes into audit programs and execution.
• Review of risk related control issues and draft appriopriate remediation plans.
• Understand the business environment and develop relationships with audit client in providing value added solutions and best practices implementation.
• Ensures the effectiveness of IT governance, cybersecurity, system controls, data integrity, and regulatory compliance in line with financial services and fintech regulatory requirements.

DUTIES & RESPONSIBILITIES

• Audit Review of Database Management Systems, Enterprise Network security and Device configuration, Antivirus, Systems Patches and Log Management.
• Audit Review of Software Development Life Cycle, Project Management Implementation and Change Management Procedures.
• Develop and execute a risk-based IT audit strategy aligned with the company’s FinTech operating model and regulatory landscape.
• Audit Review of Data Encryption Processes, Key Encryption/ Key Management Lifecycle, and Operating Systems, physical and logical security of card holder environment.
• Audit Review of Active Directory, Operating Systems, Data Bases, Systems’ Logs, Soc, Transaction monitoring and backup & tape management.
• Ensure IT audit coverage aligns with financial services regulations, including data protection, cybersecurity, and technology risk requirements.
• Assess systems and general IT controls and provide practical and Value-added remediation plans.
• Prepare audit reports that summarize the most significant control weaknesses and resulting impact to the organization.
• Provide strategic advisory support on emerging technology risks, digital transformation initiatives, and new product launches.
• Participate in multiple and simultaneous risk assessment.
• Evaluate general IT controls (GITCs) including access management, change management, system development life cycle (SDLC), and IT operations.
• Contribute to internal departmental initiatives such as training, departmental development initiatives and other internal projects as requested.
• Effectively discuss audit issues and develop business focused controls recommendations to strengthen control lapses and weaknesses-based audit while maintaining departmental quality standards. Function as part of a team or work independently when requires.

REQUIREMENTS

• EDUCATION: University: Bachelor’s degree in Information Technology, Computer Science, or Related field.
• OTHERS: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or related professional certifications would be an added advantage.
• Experience: Minimum of 10 years’ experience in IT Auditing or a similar role. Understanding of the key technology and general controls around enterprise. Applications and information systems. Strong experience auditing cloud environments, digital platforms, cybersecurity, and third-party vendors.

KNOWLEDGE:

• Knowledge of Systems and General IT Controls.
• Analytical skills to access Operational and Compliance Requirements of Application systems and infrastructure.
• Strong Data Analysis and experience with Computer Assisted Auditing Techniques.

SKILL/COMPETENCIES:

• Deep understanding of fintech systems, digital payments, APIs, cloud infrastructure, and cybersecurity risks.
• Strong knowledge of IT control frameworks (e.g., COBIT, ISO 27001, NIST, NDPA).
• Excellent stakeholder management, communication, and presentation skills.
• High integrity, independence, and sound professional judgment.