Head, Information & Cybersecurity Risk ((ICS)

• Define, direct and support security efforts through development and ensuring enforcement of 
  Information/Cybersecurity policies, framework, procedures, baselines and other forms of guidance that 
  should be followed by staff, vendors and other external parties.
• Manage information/Cybersecurity risk management programs for the Bank
• Lead and mentor the Information/Cybersecurity risk team and other functional partners to conduct and 
  meet cybersecurity risk management objectives for the Bank
• Manage Information security standards implementation, maintenance and co-ordination (ISO 27001, PCI 
  DSS, etc.) readiness and certification to optimize FirstBank overall information security posture.
• Manage independent and external Vulnerability Assessment & Penetration test (VAPT) and track remedial 
  action.
• Evaluate all identifiable Information/Cybersecurity vulnerabilities, threats, likelihood of successful exploit, 
  potential impact, weak controls and associated risk using appropriate tools and methodologies.
• Proactively and independently provide Information and cybersecurity risk report to Senior Management 
• Provide technical expertise for security risk assessment, recommendation and regularly engage 
  stakeholders for timely remediation of identified security gaps and process improvement.
• Provide oversight functions of information security disciplines, compliance, technologies, and guidelines
• Manage on-going external security audit process from Certifying Body such as British Standard Institute 
  (BSI), Payment Card Industry Security Standard council (PCI SSC)/Qualified Security Assessor(QSA), CBN 
  and other regulatory bodies, liaising with relevant stakeholders on established audit requirements and 
  any identified corrective action.

JOB REQUIREMENTS

• Minimum Education: First Degree in computer science/Engineering 
• Professional Certifications: Certified Information Security Manager (CISM), ISO27001 Lead Implementer, ISO27032 Cyber Security Lead manager or any Cybersecurity Professional Certifications
• Minimum of 12 years’ experience in facilitating and conducting security assessments related to PCIDSS, ISO 27001, and Cybersecurity Framework.