Head of Security and Risk

6 days ago


Lagos, Lagos, Nigeria Electronic PayPlus Limited Full time

We are a smartcard manufacturing company committed to delivering innovative solutions and exceptional service to our customers. As we continue to grow and expand our operations, we are seeking a dynamic and experienced individual to join our team as the Head Sales and Business Development.

JOB OVERVIEW

  • Ensure full compliance with PCI DSS physical security requirements covering CCTV, physical access control systems, network systems and servers, and monitoring of internal and external security systems/structures, high security area, card production staff, security guards/operatives, and visitors.
  • Enforce a need-to-be-there policy for all visitors and contractors.
  • Apply preventive controls review and ensure all card manufacturing and card personalization operatives comply with PCI Card Production Physical Security Requirements over staff access and movement to mitigate financial losses associated with non-compliance.
  • Effectively monitor, acknowledge, and log alarms when triggered by any event including DOTL (Door Open Too Long), Body Count, Dead-man, Alarm, Panel Fault Alarm, and Device Fault Alarm, Access Control System – Alliance Server.
  • Ensure that the access control system is reviewed weekly and audited quarterly by Internal Audit and Compliance Department for compliance.
  • Meets system security financial objectives by forecasting requirements; preparing an annual budget; scheduling expenditures; analysing variances; initiating corrective actions.
  • Protects computer assets by developing security strategies, directing system control development and access management, monitoring, control, and evaluation.
  • Establishes system safeguards by directing disaster preparedness development, conducting preparedness tests.
  • Develops security awareness by directing development of orientation and training programs, counselling clients.
  • Advises senior management by identifying critical security issues, recommending risk-reduction solutions.
  • Updates job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations; coordinating hardware and software evaluations with vendors.
  • Accomplishes system security and organization mission by completing related results as needed.
  • Provide evidence of work done periodically for Executive Director's review weekly.

LOGICAL SECURITY AND RISK MANAGEMENT

  • Ensure external network vulnerability scans are carried out quarterly and after any significant change in network or change by internal staff, using a PCI DSS approved scanning vendor (ASV) and penetration test.
  • Document, track and prioritize all findings and work with IT Team to initiate corrective action to vulnerabilities within two working days of discovery and retain evidence of successful remediation for future reference.
  • Review critical patch updates for vulnerability before updating the patch on all critical systems.
  • Ensure internal and external penetration tests are done at least once a year on the network layer, all personalization network components, and operating systems, and after any significant infrastructure changes, using a PCI DSS approved scanning vendor (ASV) and penetration test.
  • Document, track and prioritize all findings and initiate corrective action to vulnerabilities within two working days of discovery and retain evidence of successful remediation for future reference.
  • Ensure that intrusion detection systems (IDS) used for network traffic analysis cover all traffic generated by machines used within the personalization network, data preparation network, personalization network traffic, cloud-based provisioning network, IDS from DMZ, firewalls and public-facing interfaces or servers where cardholder data is decrypted.
  • Put in place and present for independent review all evidence of preventive measures, when requested by the Management and other stakeholders.
  • Ensure full compliance with PCI DSS on management of ZMK (Zone Master Key) and KEK (Key Encryption Key) key loading ceremonies, with evidence of audit trail of all activities.
  • Log all clear key component activities with evidence. Carry out periodic review of adherence by all appointed key managers, custodians, key transfers, key destruction and key back-up and recovery.
  • Submit exception report to the Executive Director for corrective action. Ensure all secret data (chip personalization keys, PIN keys, CVV, CVC, CAV, CSC keys, symmetric and private asymmetric keys) and confidential data (cardholder name, PAN, expiry, etc.) are accorded strict confidentiality.
  • Confirm that split knowledge and dual control are applied to preserve all key life cycle activities for key protection.

REGULATORY AND POLICY ISSUES

  • Collaborate with other internal stakeholders to plan, prepare for and ensure smooth sail of all certification or re-certification audit processes that require information security reviews covering MasterCard, Verve, Visa and Internal Audit.
  • Achieve system security operational objectives of the Company toward obtaining timely regulatory certification by contributing information and recommendations to strategic information security and risk functions; prepare and complete information security and risk action plans, resolving problems; completing audits; identifying trends; determining system improvements; implementing change.
  • Ensure negligible non-conformities.
  • Carry out periodic review of all security architecture to identify potential threats, put mitigants in place and ensure security adequacy over cardholder data.
  • Ensure that the Incident Response Plan (IRP) is updated to document all known or suspected compromise of classified data and unusual activities around production equipment and operations.
  • Submit monthly report of compliance to policy on critical door reviews, all remote access to the Company network/system components including policy on anti-virus software & firewalls and removable media policy. Provide weekly investigation report comprising forensic analysis with appropriate recommendations/remediation to the Executive Director.

RISK ASSESSMENT

  • Conduct quarterly vulnerability and risk assessment.
  • Conduct bi-annual verification of IT assets in conjunction with IT and Internal Audit and Compliance departments and submit accurate reports.
  • Carry out Quarterly independent checks of network devices, user accounts and permission level of critical business machines; and submit report on findings.
  • Review of Internal Security Manual with every new staff and conduct bi-annual/annual security awareness trainings.
  • Review critical patch updates for vulnerability before updating the patch on all critical systems.
  • Ensure adequate incident management and prompt resolution.
  • Conduct a quarterly inspection on all security devices to confirm they are working properly and submit a comprehensive report to management.
  • Ensure monthly configuration review of all the Active Devices with the IT Manager.
  • Review the weekly card access activities and submit report to the Internal Audit and Compliance and HR Department.
  • Review key custodians' suitability every quarter.
  • Monthly review of the network diagram.
  • Annual test of BCP and ERP rehearsal.
  • Closure of audit non-conformity within stipulated time (MasterCard, Verve, VISA and internal audit).
  • Review of the ISMS annually and compliance with the policies (clear desk policy, screen lockout, etc.).
  • Review network scan (GFI LanGuard) report monthly.
  • Monthly review of wireless airtight scan report.
  • Review of quarterly external network ASV scan with IT & IAC for quick remediation of non-conformity.
  • Conduct risk assessment and submit report to MD and BOD committee.
  • Attend BOD committee quarterly meetings.
  • Review of the annual penetration and vulnerability test report with IT & IAC, ensuring quick remediation of non-conformity.
  • Conduct security induction course for new staff.

PEOPLE'S MANAGEMENT

  • Closely supervise/monitor the productivity levels of the unit's staff to make sure that goals/targets are met.
  • Report or give feedback on how the unit is or has been faring to the company's top management whenever required.
  • Work in collaboration with other departmental managers to ensure a free-flowing process.
  • Ensure excellent external customer/vendor relationship management.

REQUIREMENT

  • Minimum of 7 years cognate experience
  • BSc or HND in Computer Science or related discipline and any of the professional certifications: CISSP, CISM, CISA, Cisco certification

KEY SKILLS AND COMPETENCIES

  • Confidence
  • Excellent technical skills
  • Positive energy and agility
  • Organizational skills
  • Planning skills
  • Interpersonal skills
  • Communication skills
  • Problem solving skills
  • Team working skills
  • Attention to detail
  • Understanding of the code, specification and regulations related to the payment card industry
  • IT skills.

