Information Security Officer

Lagos
Permanent

Job Overview

The Information Security Officer (ISO) is responsible for reviewing and monitoring the organization’s information security framework to protect data assets, ensure regulatory compliance, and mitigate security risks. The ISO works closely with IT teams to ensure that information security practices align with organizational objectives, regulatory requirements, and industry best practices.

Key Responsibilities

Risk Management Functions:

  • Identify, assess, and report information security risks and coordinate remediation plans.
  • Conduct periodic information security risk assessments and vulnerability assessments.
  • Ensure compliance with NAICOM, NDPR, CBN, and other regulatory requirements related to information security and data privacy.
  • Collaborate with the Risk and Compliance teams to embed security controls into enterprise risk frameworks.
  • Monitor third-party/vendor information security risks.
  • Design and deliver periodic information security awareness programs for staff.
  • Promote a culture of information security and data protection across the organization.
  • Provide advisory support to departments on secure data handling and protection practices.

Incident Management and Response

  • Develop and maintain the Information Security Incident Response Plan.
  • Lead investigations into actual or suspected security breaches and coordinate response actions.
  • Maintain records of incidents, root causes, and corrective actions.
  • Conduct post-incident reviews and lessons learned to improve resilience.
  • Provide quarterly information security reports to management and the Board Risk Committee.

Key Relationships

  • Work with IT to implement technical and administrative security controls (e.g., firewalls, encryption, access management).
  • Liaise with internal audit, regulators, and external assessors on information security audits and reviews.

Data Protection and Confidentiality

  • Uphold the highest standards of confidentiality in handling company-related information, ensuring compliance with data protection laws and internal policies.
  • Adhere to the company’s information security guidelines, including proper storage, transmission, and disposal of sensitive materials.
  • Promptly report any suspected data breaches or unauthorized access to the appropriate company authority.
  • Participate in periodic data protection training to stay informed about evolving security risks and best practices.

General Assignment

  • Execute any other duties and tasks that may be designated or assigned by the Company.
  • Participate in the knowledge sharing programme of the department and the company.
  • Provide support to your manager, the Managing Director and the Vice Chairman as may be required in serving the Board, Management and staff members.

Qualification

Education

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity,
    or related field.
  • Professional certification in information security (e.g., CISM, CISSP, ISO 27001 Lead Implementer/Auditor, CEH).

Experience

  • Minimum of 3–5 years relevant experience in information security, risk
    management, or IT audit, preferably within financial services or insurance.
  • Strong understanding of NDPR, NAICOM guidelines, CBN risk-based supervision framework, and global cybersecurity standards.

Skills and Competencies

  • Strong analytical, risk assessment, and problem-solving skills.
  • Excellent communication and report writing abilities.
  • Deep knowledge of data protection, information security frameworks, and
    emerging cyber threats.
  • Ability to work collaboratively across departments.
  • High level of integrity, confidentiality, and professionalism.
