Job Description
- Application Deadline:
- Position: Chief Information Security Officer (CISO) – Infosec & Digita
- Job Type Full Time
- Qualification BA/BSc/HND
- Experience
- Location Lagos
- Job Field ICT / Computer 
The Chief Information Security Officer (CISO) is a senior management role responsible for developing, implementing and overseeing the Group's information security, cybersecurity and digital operational resilience programme. The role protects ARM's information assets, technology platforms, client data, business processes, and critical digital services by ensuring effective ICT risk management, cyber defence, resilience testing, incident response, business continuity, disaster recovery, third-party technology oversight, regulatory compliance and executive/Board reporting.
Job Details
Information Security Strategy and Governance:
- Develop and implement an enterprise-wide information security and cybersecurity strategy aligned with business objectives, risk appetite and regulatory expectations.
- Establish security governance structures, policies, standards, procedures and control ownership across infrastructure, applications, cloud services, end-user computing and data environments.
- Define roles, accountabilities and escalation paths for cybersecurity, ICT risk, data protection and digital operational resilience across the Group.
Digital Operational Resilience and ICT Risk Management:
- Own the digital operational resilience framework covering identification, protection, detection, response, recovery and learning across critical ICT assets and business services.
- Ensure the business maintains an inventory and criticality assessment of technology assets, applications, data repositories, third-party systems, communication channels and digital processes supporting important business services.
- Identify, assess, monitor and report ICT and security risks, including technology obsolescence, capacity constraints, single points of failure, access weaknesses, cloud risk, change risk and data integrity risk.
- Define resilience requirements for critical systems, including recovery time objectives (RTO), recovery point objectives (RPO), backup standards, redundancy, failover arrangements and minimum security baselines.
Cybersecurity Operations and Threat Management:
- Oversee security processes and monitor vulnerability management, patch management, endpoint protection, identity and access management, privileged access management and threat intelligence activities.
- Ensure timely remediation of control weaknesses arising from penetration tests, vulnerability scans, audit reviews, regulatory examinations, incidents and risk assessments.
- Monitor adequate implementation of preventive and detective controls for malware, ransomware, phishing, data leakage, unauthorized access, network intrusion and social engineering risks.
Incident Response, Crisis Management and Regulatory Reporting:
- Lead the testing and continuous improvement of cyber and ICT incident response plans, including classification, escalation, containment, recovery, root-cause analysis and lessons learnt.
- Coordinate with Risk Management, Compliance, Legal, Operations, Technology, Internal Control, Internal Audit and business leaders during material technology or cyber incidents.
- Ensure timely internal reporting to senior management and the Board and support regulatory/client notifications where required by applicable laws, contracts or supervisory expectations.
Business Continuity, Disaster Recovery and Resilience Testing:
- Partner with Risk Management, business and technology teams to ensure business continuity plans and disaster recovery plans are aligned with critical business services and operational resilience objectives.
- In partnership with Risk Management, coordinate periodic disaster recovery simulations, cyber tabletop exercises, failover tests, backup restoration tests, penetration tests, scenario analysis and post-incident reviews.
- Track remediation actions from resilience tests to closure and report unresolved exposures to management governance forums.
Third-Party Technology and Cloud Risk Management:
- Assess and monitor cybersecurity, data protection and operational resilience risks relating to vendors, outsourced service providers, cloud platforms, fintech partners and other ICT third parties.
- Ensure key technology contracts contain appropriate security, confidentiality, audit, data protection, incident notification, service availability, exit and continuity clauses.
- Develop concentration risk, dependency risk and exit planning oversight for critical ICT third-party service providers.
Compliance, Data Protection and Standards Alignment:
- Ensure alignment with relevant laws, regulations, frameworks and standards, including NDPA/NDPR, ISO 27001, NIST, CIS Controls, COBIT and applicable digital operational resilience requirements such as DORA principles where relevant.
- Embed data protection-by-design, privacy-by-design and security-by-design principles into technology projects, digital initiatives and change management processes.
- Support regulatory examinations, internal audits, external audits, client due diligence reviews and management assurance activities relating to information security and resilience.
Security Awareness, Culture and Board Reporting:
- Deliver targeted security awareness, phishing simulation, executive education and Board-level cyber risk briefings.
- Establish meaningful KRIs, KPIs and dashboards covering cyber posture, resilience readiness, incident trends, third-party risk, vulnerability exposure, access control exceptions and control remediation.
- Provide concise, risk-based reports to senior management, Board Committees and relevant governance forums.
Budget, People and Programme Management:
- Develop and manage the information security budget, ensuring cost-effective investment in tools, people, training and resilience capabilities.
- Lead, coach and develop the information security team, ensuring clear objectives, performance management and succession planning.
- Champion secure digital transformation by advising technology, product and business teams on risk-balanced implementation.
Requirements
- In-depth understanding of information security, cybersecurity, ICT risk management and digital operational resilience principles.
- Strong knowledge of enterprise technology environments, including networks, cloud platforms, infrastructure, applications, databases, endpoints, identity platforms and security tooling.
- Practical experience implementing frameworks such as ISO 27001, NIST Cybersecurity Framework, CIS Controls, COBIT, ITIL, business continuity and disaster recovery standards.
- Ability to translate technical cyber and technology risks into clear business, regulatory, financial and operational implications for senior management and the Board.
- Strong incident management, crisis coordination, stakeholder management and regulatory engagement capability.
- Experience in third-party technology risk, outsourcing oversight, cloud risk, vendor due diligence and contract control reviews.
- Ability to design measurable KRIs/KPIs and maintain dashboards that support decision-making and accountability.
- Strong leadership, communication, influencing, documentation and programme management skills.