AB Microfinance Bank Nigeria is a foreign-owned financial institution, based in Lagos State, which offers a broad range of financial services to micro, small and medium-scale businesses.
REF CODE: LIS/DPO/NOV/2024
Job Summary:
The Lead Information Security is responsible for ensuring that information-related risks are kept at a minimum by making sure that controls are executed with quality and integrity, that all staff are aware of and comply with information security policies, and that non-compliance and other information security incidents detected are properly documented, investigated and addressed with appropriate corrective and preventive measures under guidance from the line supervisor. The Lead Information Security will also serve as Data Protection Officer (DPO). As DPO, he/she will be responsible for overseeing the organization’s data protection strategy and implementation, and for ensuring that the organization complies with the Nigeria Data Protection Act (NDPA)/Regulation (NDPR) and other related regulatory requirements. He/she will also manage the Integrated Management System (IMS), ensuring implementation of and compliance with the relevant ISO standards in the IMS.
Main tasks and responsibilities:
- InfoSec Risk Control: Advise on InfoSec-related risks associated with operational practices in general and with the introduction of new software and hardware in detail, and define requirements for risk control.
- Continuously review and, as applicable, modify information security practices and procedures.
- Assist in the Risk Assessment process, including asset inventory, system criticality, data classification, threat analysis and action plans.
- Drive implementation of essential elements of the NDPR and ensure compliance with the requirements of the Regulation and other related regulatory requirements.
- Lead the development and maintenance of ABN data protection framework and Integrated Management System, developing and driving a data protection and information security culture through awareness, training, and providing advice at all levels – up to and including the Board.
- Create and maintain robust policies and procedures and communicate effectively to the business; and input into relevant policies and procedures developed by other business functions.
- Provide advice regarding Data Protection Impact Assessments.
- Monitoring & Analysis: Design and implement controls to help monitor the day-to-day quality and accuracy of implementation of Information Security Policies and processes. Analyse gaps between the should-be and as-is states by applying the Plan-Do-Act-Adjust Cycle, and ensure the overall quality of control outcomes as executed by team members.
- Under guidance from the line supervisor, ensure that information security is enforced across the IT department and at large in the bank.
- Report Information Systems incidents to the management and the group’s information security office, ensure up-to-date documentation exists for the same, and indicate disciplinary measures taken for non-compliance.
- Coordinate the capture of Information Systems key indicator metrics for reporting to the Management.
Qualifications, Necessary Experience and Knowledge:
- At least a bachelor’s degree in Computer Engineering, Information Technology, Business Information Technology, Business Administration + Banking.
- Minimum of five years’ experience in information security and data protection, preferably in the banking sector.
- Professional certifications such as CISSP, CISM, or equivalent are highly desirable.
- Strong working knowledge related to Network Connectivity, Infrastructure, Operating Systems, Architecture Security, Production Support and Application Management.
- Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
- Project management experience highly desired
- Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
- Ability to interpret and apply policies and regulations across a large, complex business
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
- High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions.
- Proven experience in risk management, incident response, and security operations.