Job Purpose
The Chief Information Security Officer (CISO) will be responsible for establishing and maintaining the enterprise vision, strategy, and programs to ensure information assets and technologies are adequately protected. He/She will lead the development and implementation of security policies, risk management strategies, cyber-defense initiatives, regulatory compliance, and incident response protocols across the organization.
Key Responsibilities
Strategic & Leadership
Develop the company's information security strategy, roadmap, and long-term cybersecurity vision.
Lead, mentor, and manage the Information Security and Cyber Security Risk teams.
Establish and maintain enterprise-wide security governance aligned with global best practices.
Cybersecurity Operations
Oversee implementation, monitoring, and continuous improvement of cybersecurity controls across networks, applications, endpoints, and cloud environments.
Manage the Security Operations Center (SOC) and threat-intelligence activities.
Direct vulnerability assessments, penetration tests, and security audits.
Risk & Compliance
Conduct periodic risk assessments to identify, quantify, and prioritize security risks.
Ensure compliance with regulatory standards (e.g., ISO 27001, GDPR, NDPR, PCI-DSS, CBN / NDIC regulations for financial institutions).
Develop and enforce security policies, standards, and procedures across all business units.
Incident Response & Business Continuity
Lead the development and implementation of the Cybersecurity Incident Response Plan (CIRP).
Coordinate the response to security breaches, cyber-attacks, and data leaks, and ensure timely communication to stakeholders.
Collaborate with IT leadership to ensure business continuity and disaster recovery frameworks are secure and tested.
Stakeholder Management
Provide periodic security reports to the Board, Executive Management, and regulators.
Ensure security awareness training for staff and promote a cybersecurity culture.
Serve as the primary liaison with law enforcement agencies, cybersecurity partners, and regulators.
Key Performance Indicators (KPIs)
% reduction in cybersecurity incidents and vulnerabilities
SLA response time to incidents and breaches
Regulatory and audit compliance rating
Implementation rate of cybersecurity roadmap initiatives
Staff cybersecurity awareness and training completion rate
Qualifications & Requirements
Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field (Master's degree preferred).
Relevant cybersecurity certifications such as: CISSP, CISM, CEH, CCSP, CRISC, ISO 27001 Lead Implementer/Auditor, GSEC.
Minimum of 10+ years of combined IT and cybersecurity experience, with at least 5 years in a leadership role.
Strong understanding of:
o Information security frameworks
o Cloud security and network architecture
o Digital risk management and governance
o Regulatory compliance requirements
Proven experience managing cybersecurity programs in financial services or technology-driven organizations is an added advantage.
Core Competencies
Strategic thinking and leadership
Cyber risk management
Incident command decision-making
Data and information governance
Excellent communication and reporting skills
Stakeholder and crisis management
Ethical, confidential, and highly analytical mindset