Head, Information Security and Business Continuity Unit in a reputable Company based in Lagos


A reputable Company based in Lagos is seeking to hire an energetic, hardworking and experienced individual to Head our Information Security and Business Continuity Unit. This individual will be responsible for establishing processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information within the Organization.

POSITION:  Head, Information Security and Business Continuity Unit


To coordinate the development and maintenance of the Organization’s Information Security policies, standards and procedures.


(i) Create, implement and oversee strategies and programs designed to reduce and mitigate information security risks in the Company to a tolerable level as defined in the risk appetite of the Organization.

(ii) Establish and lead an enterprise-wide information security and assurance function, ensuring that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately.

(iii) Establish and lead Business Continuity and Disaster Recovery programs and processes to monitor the emergence of new threats and vulnerabilities, assessing impacts and driving responses as appropriate.

(iv) Ensure that clear and timely business advice is provided to Head ERM on key information security and assurance issues.

(v) Ensure that information security risks are identified and addressed across the enterprise. Develop, maintain and oversee information security policies, procedures and control techniques to address all applicable requirements. Investigate information security breaches.

(vi) Define and provide baselines and standards on information security to maintain confidentiality, integrity and availability across information system infrastructure enterprise-wide.

(vii) Oversee and coordinate all aspects of alignment of the Company’s Information Security Management System (ISMS) with the ISO 27001 standard. Ensure the Company’s readiness for, and certification to, ISO 27001.

(viii) Manage the creation and production of timely, accurate, and informative business and IT metrics relating to information risk initiatives. Utilize the metrics to prioritize key initiatives and respond to negative trends.

(ix) Ensure that all IT programs are in compliance with applicable information security policies and regulations.

(x) Supervise physical security team, manage an integrated control room for all the Company’s sites and surveillance.

(xi) Establish and manage Security Incident Event Monitoring (SIEM) and Security Operations Centre (SOC). Ensure the aggregation and management of sensitive logs enterprise-wide.

(xii) Establish a process to identify, track and report on security patch management.

(xiii) Align with ERM framework in managing risks and develop information security specific elements, collaborating with appropriate business heads to get buy-in and build momentum for implementation of mitigants.

(xiv) Collaborate with application owners to understand and address (as appropriate) the risk position around key business applications.

(xv) Design a threat assessment framework. Develop and obtain management approval through Head of ERM for short and long term strategies, roadmaps, and business cases to appropriately mitigate, detect, and deter information security threats.

(xvi) Ensure ongoing analysis of information security threats, vulnerabilities, and market trends. Determine potential impact on the Company’s risk posture.

(xvii) Oversee the development and maintenance of an information security policy set, including standards and processes that fit the Company at all levels. Seek and confirm management approval as required.

(xviii) Ensure implementation of information security policies, reflecting varying departmental needs where necessary.

(xix) Manage the process to administer information security policy exceptions, ensuring that they are subject to appropriate controls, both before and after approval.

(xx) Ensure that strategic information security and risk guidance is provided to third-party suppliers in accordance with internal information security frameworks, and ensure compliance with required controls.

(xxi) Conduct information security risk assessments across the enterprise at suitable intervals. Ensure that key risk issues are understood, communicated, and tracked on the risk register.

(xxii) Follow through the implementation of the information security risk treatment plans and the recommended controls.

(xxiii) Regularly verify that required information security and risk controls are in place, raising findings as noncompliance is found and driving improvement.

(xxiv) Ensure that internal and external audits of information security are supported.

(xxv) Liaise with relevant business areas to conduct periodic vulnerability and penetration tests.

(xxvi) Liaise with relevant functional areas to create key risk indicators for monitoring critical information systems.

(xxvii) Liaise with relevant departments to ensure that information security architecture standards, policies, and procedures are available and enacted consistently across application development projects and programs, IT infrastructure deployments and information management system architecting.


Minimum of Second Class Lower / Lower Credit in Computer Science, Statistics or related Science disciplines. A Master's degree will be an added advantage.



(ii) Numerical and analytical skills

(iii) Planning and organization

(iv) High interpersonal skills

(v) Attention to detail

(vi) Project Management

(vii) Communication (Written and Verbal)


(i) 8-9 years’ work experience in a similar function

(ii) Experience with risk appetites, risk reporting capabilities, models and analytics.

(iii) Working knowledge of and experience in the policy and regulatory environment of information security.

(iv) Knowledge of business process automation and workflow concepts and instruments

Qualified candidates should send their updated CVs to infosecl7@yahoo.com not later than 3rd October 2017

Please note that only shortlisted candidates will be contacted.