Latest Jobs at First Bank of Nigeria

JOB OBJECTIVE(S)

Manage and evaluate the Bank’s security policies and regulatory standards to minimize the risk of compromise of sensitive business systems

DUTIES & RESPONSIBILITIES

•  Develops policy, framework, security baselines and procedures for the information/Cybersecurity governance, including control document reviews, stakeholder review/sign-off and post-approval communication.
• Serves in an advisory role in application development and infrastructure projects to assess security requirements and controls and ensures that security controls are implemented as planned
• Monitors compliance with security policies, standards, guidelines, procedures, respond to policy violations and escalate exceptions.
• Assesses threats and vulnerabilities regarding information assets and recommends the appropriate information security controls and measures.
• Provide support for Independent Vulnerability Assessment & Penetration Test (VAPT) projects.
• Assesses threats and vulnerabilities in the Banks products and technology acquisition. Engage IT Project managers on IT project risk and provide guidance
• Continuously communicate and ensure staff and third-parties are aware of information and cyber security as it relates to their roles and/or services
• Empower staff bank-wide through periodically Information and cyber security risk awareness and training including role based and privileged user training using different sources: Newsletters, E-Learning (Computer Base Training), Facilitator Led training, E-flyers etc
• Develop an awareness program for the enterprise and conduct training to ensure that stakeholders understand Information risk management to promote a risk-aware culture.

JOB REQUIREMENTS

Education

• Minimum Education:   First Degree in computer science/Engineering
• Professional Certifications: CISM, ISO27001 Lead Implementer, or any Cybersecurity Professional Certifications

Experience

Minimum experience – 5 years’ experience in facilitating and conducting security awareness and policy development, security architecture and security standards/requirements (PCI-DSS, ISO27001, Cybersecurity)

go to method of application »

JOB OBJECTIVE(S)

• Provide assurance on the effectiveness and efficiency of Information Systems and Cybersecurity Risk Management, Control and governance processes within the bank and subsidiaries to achieve strategic and business  objectives
• Provide assurance that the bank and subsidiaries are adequately protected against third party vendor and outsourcing risks.

DUTIES & RESPONSIBILITIES

• Acts in the absence of Head, IS Audit for issue relating to Governance, Risks and Standards

• Participate in the preparation Risk based Audit plan for Governance, Risks and standards audits

• Ensures the currency of checklists for audit teams in line with changing standards and best practices for continuous improvements

• Develops and communicates draft audit Terms of Reference and participates in formal audit meetings

• Plans, coordinates and executes annual Enterprise Information Technology and Governance Audit using COBIT5 Framework
• Plans, coordinates and executes Data Protection Framework
• Plans, coordinates and executes E-Risk Management Framework, Operational Risk Management and other related Frameworks/policies

• Plans, coordinates and executes the audit of the Bank’s

• ISO 27001 - Information Security Management Systems
• ISO22301 – Business Continuity Management Systems
• PCIDSS     -  All in-scope departments
• ISO20000 – Service Management
• ISO9001   – Quality Management Systems

• Plans, coordinates and executes IT Outsourced Service Providers audits

• Supervises GRS audit teams in the various engagements to ensure the audits are performed in line with Internal Audit Methodology and relevant professional standards

• Provides first level assurance review of team’s outputs and ensures knowledge sharing and on the job coaching of team members.

• Participates in Governance, Risks and Standards related projects to ensure that stated benefits are realized

• Co-ordinates the follow-up and timely regularization of audit exceptions and assurance of GRS team.

• Coordinating Operational Risk process reviews to ensure  Security Operations team’s compliance with Operational Risk Governance Framework

• Carries out ad-hoc activities as assigned by the Unit Head and/or CAE

• Complies with the principles and policies in the Information Security Handbook

JOB REQUIREMENTS

Education

• B.SC. Computer Sciences or related disciplines
• Professional certifications (CISA,  CRISC, ISO 27032, ISO 22301 & ISO 27001, ISO 20000, COBIT 5, ISO 9001, PCIDSS etc. )

Experience

• Minimum experience - 8 years in Information Systems and 5 years in Audit/control /Information/ Standards & Frameworks

go to method of application »

Job Objective(s)

• Ensure IT Infrastructure standards, policies, guidelines and procedures are being implemented by IT management to enable availability of IT services to support the bank’s business objectives.
• Provide assurance over the effectiveness of controls on the bank’s technical infrastructure.

Duties & Responsibilities

• Participates in the periodic audit of the Bank’s Disaster Recovery Infrastructure to ensure its availability and adequacy when the main production facility becomes unavailable.
• Represents the Department in Information Technology related projects for quality assurance purposes and provide report to on progress and risk management.
• Audit of all IT Operations (EOD/BOD/EOM/EOQ/EOY, Enterprise Data Backup & Restore, Physical & Environmental Controls, SLA, Staff, training, etc.)
• Prepare timely, accurate and complete audit query and other audit work papers in line with the Internal Audit Methodology.
• Carry out assigned investigations of frauds connected to the use of channels and systems.
• Participates in the audit of the Bank’s Network and Telecommunications Infrastructure to ensure protection against a wide range of threats and vulnerabilities.
• Assists in the review of the Bank’s Firewalls, Core Switches, Routers, Intrusion Detection and Prevention Systems to ensure they are adequately configured to prevent intrusions into the bank’s networks.
• Executes audit of Messaging Infrastructure (Exchange clients and Servers) to ensure security and efficiency.
• Participates in the review of Virtualization Infrastructure to ensure security and availability of the virtualized layer.
• Participates in the audit of Antivirus, patch management and other emerging technologies as deployed by the Bank.
• Participates in Systems and Infrastructure projects
• Maintains the Security of all Information entrusted to the staff
• Carry out other tasks that may be assigned from time to time
• Maintains the Security of all Information entrusted to the staff.

Job Requirements
Education:

• First Degree preferably in Computer Science or related discipline
• Professional certification (CISA, CRISC, ISO 27001, ISO 22301, ISO 20000 etc.)
• Experience
• Minimum experience - 1 year in IT and Audit/Control/Information Security/Information Risk Management and Project Management.