Chief Information Security Officer (Financial Institution)

Requirements

Job Title: Chief Information Security Officer (Financial Institution)

Department: Management Information System

Reports To: Managing Director / Chief Executive Officer (MD/CEO)

The Chief Information Security Officer (CISO) will be responsible for establishing and

maintaining the enterprise vision, strategy, and programs to ensure information assets and

technologies are adequately protected. He/She will lead the development and

implementation of security policies, risk management strategies, cyber-defense initiatives,

regulatory compliance, and incident response protocols across the organization.

Key Responsibilities

Strategic & Leadership

• Develop the company’s information security strategy, roadmap, and long-term cybersecurity vision.
  


• Lead, mentor, and manage the Information Security and Cyber Security Risk teams.
  


• Establish and maintain enterprise-wide security governance aligned with global best practices.
  

Cybersecurity Operations

• Oversee implementation, monitoring, and continuous improvement of cybersecurity controls across networks, applications, endpoints, and cloud environments.
  


• Manage the Security Operations Center (SOC) and threat-intelligence activities.
  


• Direct vulnerability assessments, penetration tests, and security audits.
  

Risk & Compliance

• Conduct periodic risk assessments to identify, quantify, and prioritize security risks.
  


• Ensure compliance with regulatory standards (e.g., ISO 27001, GDPR, NDPR, PCI-
  


• DSS, CBN / NDIC regulations for financial institutions).
  


• Develop and enforce security policies, standards, and procedures across all business units.Incident Response & Business Continuity
  


• Lead the development and implementation of Cybersecurity Incident Response Plan (CIRP).
  


• Coordinate response to security breaches, cyber-attacks, data leaks and ensure timely communication to stakeholders.
  


• Collaborate with IT leadership to ensure business continuity and disaster recovery frameworks are secure and tested.
  

Stakeholder Management

• Provide periodic security reports to the Board, Executive Management, and regulators.
  


• Ensure security awareness training for staff and promote cybersecurity culture.
  


• Serve as the primary liaison with law enforcement agencies, cybersecurity partners, and regulators.
  

Key Performance Indicators (KPIs)

• % reduction in cybersecurity incidents and vulnerabilities
  


• SLA response time to incidents and breaches
  


• Regulatory and audit compliance rating
  


• Implementation rate of cybersecurity roadmap initiatives
  


• Staff cybersecurity awareness and training completion rate
  

Qualifications & Requirements

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field (Master’s degree preferred).
  


• Relevant cybersecurity certifications such as: CISSP, CISM, CEH, CCSP, CRISC, ISO 27001 Lead Implementer/Auditor, GSEC.
  


• Minimum of 10+ years of combined IT and cybersecurity experience, with at least 5 years in a leadership role.
  


• 
  
  
  Strong understanding of Information security frameworks
  
  
  
  
  
  o Cloud security and network architecture
  
  
  
  
  
  o Digital risk management and governance
  
  
  
  
  
  o Regulatory compliance requirements
  
  


• Proven experience managing cybersecurity programs in financial services or technology-driven organizations is an added advantage.
  

• Strategic thinking and leadership
  


• Cyber risk management
  


• Incident command decision-making
  


• Data and information governance
  


• Excellent communication and reporting skills
  


• Stakeholder and crisis management
  


• Ethical, confidential, and highly analytical mindset
  

• Competitive Executive Compensation
  


• Performance Bonus
  


• HMO
  


• Professional Development & Training Support