First Bank of Nigeria Limited Vacancies for Information Cyber Security Officers

First Bank of Nigeria Limited (FirstBank) is Nigeria's largest financial services institution by total assets and gross earnings. With more than 10 million customer accounts, FirstBank has over 750 branches providing a comprehensive range of retail and corporate financial services. The Bank has international presence through its subsidiaries, FBN Bank (UK) Limited in London and Paris, FBNBank DRC, FBNBank Ghana, FBNBank Gambia, FBNBank Guinea, FBNBank Sierra-Leone and FBNBank Senegal, as well as its Representative Offices in Johannesburg, Beijing and Abu Dhabi. We are recruiting to fill the vacant position below:     Job Title: Information Cyber Security (ICS) Risk Officer Ref No: 1900002S Location: Lagos Organization: Chief Risk Officer Directorate Schedule: Regular Shift: Standard Job Type: Full-time Grade Range - From: Assistant Banking Officer Grade Range - To: Senior Banking Officer Job Description

• Develops and manages IT risk and security for multiple IT functional areas (e.g., applications, systems, network and/or Web) across the enterprise
• Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise Information/Cybersecurity risk.
• Communicates with multiple departments and levels of management to resolve technical and procedural information security risks
• Assesses threats and vulnerabilities regarding information assets and recommends the appropriate information security controls and measures
• Conducts physical security risk assessment and track remedial action.
• Assesses threats and vulnerabilities in the Banks products and technology acquisition.
• Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively
• Plan and coordinate independent Vulnerability Assessment and Penetration Test (VAPT)
• Analyzes security analysis reports for security vulnerabilities and recommends feasible and appropriate option
• Creates, disseminates and updates documentation of identified information/Cybersecurity risks and controls
• Assess information and Cyber security risk in cloud adoption and third-party integrations

• Minimum Education: First Degree in computer science/Engineering
• Professional Certifications: CISM, CISSP, ISO27001 Lead Implementer, ISO27032 Cyber Security Lead manager or any Cybersecurity Professional Certifications

• Minimum experience - 5 years’ experience in facilitating and conducting security assessments related to PCI-DSS, ISO 27001, and Cybersecurity Framework

• Perform security requirement validation and documentation reviews to ensure they are performed efficiently and effectively.
• Plan and coordinate independent Vulnerability Assessment and Penetration Test (VAPT)
• Monitors compliance with Information/Cybersecurity policies, baselines, guidelines and procedures
• Conduct Gap Analysis for ISO 270001/ISMS readiness and mock audit
• Reviews and delivers information security performance summary with analytical evaluation to leadership teams, as needed
• Assesses threats and vulnerabilities regarding information assets and recommends the appropriate information security controls and measures
• Ensure timely and effective corrective actions are taken to correct deficiencies and provide status reporting.
• Manage Internal and External Security Audit
• Develop metrics and monitoring processes to assess the effectiveness of the Bank’s overall information and cyber security risk management and measure its performance and efficiency.
• Obtain and review periodic PCI DSS compliance report from stakeholders in support of security requirements and report on any identified gaps for remedial action.

• First Degree in Computer Science/Engineering
• Professional Certifications: CISM, CISSP, ISO27001 Lead Implementer, ISO27032 Cyber Security Lead manager or any Cybersecurity Professional Certifications

• Minimum experience: 5 years experience in facilitating and conducting security assessment and compliance related to PCI-DSS, ISO 27001, and Cybersecurity Framework

• Develops policy, framework, security baselines and procedures for the information/Cybersecurity governance and risk management program, including control document reviews, stakeholder review/sign-off and post-approval communication.
• Plan and coordinate independent Vulnerability Assessment and Penetration Test (VAPT)
• Monitors compliance with security policies, standards, guidelines and procedures
• Continuously communicate and ensure staff and third-parties are aware of information and cyber security as it relates to their roles and/or services
• Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk
• Coordinate the development and ongoing maintenance of Information and Cyber security (ICS) policies and procedures
• Empower staff bank-wide through periodically Information and cyber security risk awareness, training and publications including role based and privileged user training
• Ensure Information Security and Cybersecurity policy, framework and security baselines are enforced and report exceptions
• Develop an awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture
• Develop and communicate security awareness program through difference awareness sources: Newsletters, E-Learning (Computer Base Training), Facilitator Led training, E-flyers etc.

• Minimum Education: First Degree in Computer Science/Engineering
• Professional Certifications: ISO27001 Lead Implementer, ISO27032 Cyber Security Lead manager or any Cybersecurity Professional Certifications

• Minimum experience - 5 years’ experience in facilitating and conducting security awareness and policy development related to PCI-DSS, ISO 27001, and Cybersecurity Framework