
Custodian Investment Plc

Job Description: Lead, Security Governance, Risk and Compliance

Job Title:  Lead, Security Governance, Risk and Compliance
Department: Information Security
Location:   Lagos

Job Objective

Establish an acceptable IT risk profile and promote adherence to information risk standards and procedures to ensure Custodian’s systems are protected from internal and external threats, and end-to-end security (frontline to back-end/data centre) is maintained.

REPORTING RELATIONSHIPS

Internal Interfaces

Reports to:
• Chief Information Security Officer

Direct Reports:
• IT Security Analyst

Other Internal Relationships:
• Information Technology
• Risk Management
• Internal Audit
• Divisional Heads
• All Staff

External Interfaces

• IT Consultants
• Vendors

FUNCTIONAL COMPETENCIES

• Security Governance & Standards
• Security Risk Management
• Information Security Compliance
• Information Security Assurance

ROLES AND RESPONSIBILITIES

• Responsible for assurance over enterprise security and security operations, as well as operational compliance with all ISO and related standards and regulations.
• Lead the planning and execution of information security assurance, under the directives of the Chief Information Security Officer.
• Lead the creation and maintenance of information security policies, standards and baselines.
• Build awareness of new and evolving IT risks across the business and implement appropriate systems and processes which ensure that information risks are detected early and proactively managed, with timely remediation when undesired events occur.
• Lead the identification of Key Risk Indicators (KRIs) across the business based on up-to-date situational analyses and trends, and drive effective risk oversight by providing timely and relevant information on KRIs.
• Plan and execute quarterly Information Security audits, complete with detailed findings and remediation follow-ups.
• Implement and maintain compliance with relevant standards, e.g. ISO27001, NIST, CIS, etc.
• Liaise with Risk Management, Internal Audit and other relevant functions across the business to ensure that all risk registers and compliance-related documentation are up to date, in line with the overall enterprise risk management approach.
• Conduct continuous risk assessments and business impact analyses for new and existing solutions.
• Stay informed of all IT risks before they are highlighted by Audit or third parties. Ensure closure of open audit items.
• Aggregate information to identify operational control weaknesses and build a risk management dashboard that is refreshed and published periodically.

Special and Other Duties

• Prepare various reports for management decision making.
• Perform other functions as assigned by the Chief Information Security Officer.
• Manage subordinates’ performance and conduct formal appraisals.

Experience and Qualifications Required

• Bachelor’s and/or Advanced degree in Computer Science or any related discipline.
• A minimum of seven (7) years relevant experience in Information Security, IT Audit and Risk.
• Professional certification such as CISA, CRISC, CISSP, ISO27001.
• Hands-on experience in review of Security Systems, IT Applications and Infrastructure.
• Demonstrable experience in Information Security Governance and Risk Management.
• Demonstrable experience in Information Security Compliance with Standards and Regulations.
• Thorough understanding of the latest security principles, techniques and protocols.
• Problem-solving skills and ability to work under pressure.
