Standard Chartered Bank Nigeria – We attract talented individuals. Not only can they give you the benefit of their experience, they also reveal a closer, more personal look at the wide range of global opportunities we offer. At the core of the Group’s people strategy is our focus on employee engagement. Engagement is a key driver of productivity and performance, which creates the foundation of our performance culture. We encourage and focus on the behaviours that bring out the very best from every employee, assessing their performance not just on results but on how those results were achieved. To further embed these behaviours we have a remuneration programme in place, carefully designed to incentivise our employees to live our values every day.
We are recruiting to fill the position below:
Job Title: CISO Nigeria and ICS Risk Manager
Job ID: 2100016138
Primary Location: Lagos, Nigeria
Employee Status: Permanent
Make an impact every day with Trust, Data and Resilience (TDR):
- Our TDR team sits within the Group Operations function and is responsible for mission-critical areas including cyber, information, data, privacy and resilience. These are challenges that impact our clients globally. Our TDR team develops the platforms, drives the processes and builds partnerships to benefit millions of people every day. They thrive in providing solutions to complex issues, devote time and energy to designing new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. TDR chooses progress over perfection and aims to always participate with a constructive purpose. The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home.
- Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators and achievers. With us, you’ll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.
- We are establishing a capability to successfully implement and embed the new Information and Cyber Security (ICS) Risk Type Framework (RTF) into Africa and Middle East (AME) countries to bring consistency in the identification and mitigation of ICS Risks. The CISO Nigeria and ICS Risk Manager will report to and support the Regional Head of ICS, Africa to drive the adoption and implementation of the framework across the countries.
- This role will require hands on approach to understand, embed, and guide the countries on the ICS RTF to maximize risk reduction and capability improvement, while meeting compliance and legal obligations, and minimising client impact. The role will require to have end-to-end view of all ICS activities with regular risk assessment, tracking, follow up and reporting at the relevant forums.
- The CISO Nigeria and ICS Risk Manager will provide exceptional leadership, maintain highly constructive relationships with key stakeholders, and possess strong security risk framework knowledge to mobilize effort and commitment.
- CISO Nigeria and ICS Risk Manager will execute a robust and efficient plan to rollout ICS RTF by working with key stakeholders including COOs/CIOs direct teams, ICS RTF Implementation Programme teams, Office of the CISO and Security technology teams. The plan will incorporate digital footprint discovery, risk assessment, definition and implementation of controls as guided by the ICS RTF and tailored to the relevant areas.
- Supporting the Regional Head of ICS in the implementation of the ICS Risk framework including working with stakeholders to identify, assess and rate the information assets, build out the risk profile per the framework, initiate risk assessments and put together treatment plans.
- Use qualitative and quantitative data sources to validate Key Control Domains (KCD) and associated controls, accelerate risk assessment process, validate business risk profile and develop action plans to remediate to bring ICS risk back into appetite.
- Follow up on identified thematic cyber issues, develop processes to address issues from re-occurrence and ensure cyber hygiene across the whole portfolio.
- Provide regular status updates including progress, top risks and issues to the respective country and regional forums for the relevant domains. Track RAG status, key milestones, risks, dependencies and issues.
- Interface with the Business and Country ICS Leads to assist with sharing of risk profiles, advising on cyber risk issues and addressing areas of concern.
- Interface into Technology forums to ensure security technologies are operating with input from countries and be actively involved in the roadmap of these technologies by providing regional/country input.
- Development of risk treatment plans for the assigned areas in conjunction with the business and technology teams. Interface with other areas to ensure dependencies are known and prioritised. Negotiate timelines to ensure proper remediation by maintaining support and organizational alignment.
- Adapt to emerging and horizon risks and address issues to maximize outcomes. Urgent and timely action for risks and issues which adversely impact cyber risk profiles.
- Re-planning and prioritising as required to maximise risk reduction.
- Coordinate and plan for cyber crisis management exercises, build response and recovery capabilities, workarounds, ensure up to date playbooks etc.
- Assist with other cyber activities underway
- Ensure effective prioritisation and application of industry best practice into the ICS RTF and ICS country risk.
- Identify changes to plan required in terms of additional components, reprioritisation to anticipate and respond to changes.
- Learn from the recent regional and global cyber events and build into strategy to address current and emerging risks.
Region / Country:
- Maintain strong stakeholder engagement with other COO ICS teams, Chief Information Security Office teams, ICS RTF Implementation Programme teams and Security Technology teams.
- Establish and maintain working groups across domains to progress the framework roll out.
- Escalate appropriately to ensure Regional Head of ICS, Africa is briefed, and necessary decisions are made in a timely manner.
- Manage the rollout of the ICS RTF professionally and efficiently, closely tracking timeline commitments for provision of information and action plans, and for validation of actions taken.
- Ensure adoption of security tooling and capability to address ICS risk tactically and strategically.
- Address and adopt response and recover capabilities and assist with cyber crisis management exercises, playbooks etc.
- Support the Regional Head of ICS, Africa on running periodic working groups and ensuring proper rollout of the ICS RTF.
- Assist with pulling together Risk papers going to various Risk committees within the region.
- Manage actions coming out of various risk and compliance forums.
Regulatory & Business Conduct:
- The candidate shall be responsible for the day-to-day cybersecurity activities and the mitigation of cybersecurity risks in the Bank.
- Focus on the Bank’s wide cybersecurity risk rather than IT security risk only and shall also be responsible for the development and implementation of the cybersecurity programme and strategy as approved by the Board.
- Possess relevant qualifications and in-depth experience in Information Technology with any, or combination of, Information Security Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Chief Information Security Officer (CCISO).
- Support CEO to run the established an information security steering committee that shall be responsible for the governance of the cybersecurity programme. The steering committee shall consist of senior representatives of relevant departments within the Bank.
- Display exemplary conduct and live by the Group’s Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Lead the Nigeria & other assigned countries/ICS TRP to achieve the outcomes set out in the Bank’s Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.] *
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Adherence to Central Ban of Nigeria (CBN) and other country/local regulatory directives and requirements
- Strong stakeholder engagements with COO ICS teams, Chief Information Security Office teams, ICS RTF Implementation Programme teams and Security Technology teams.
- Keep abreast of any new developments in the ICS risk frameworks globally, participate in industry and external discussions.
- Minimum of 8 – 10 years’ experience with at least 5 years in Information and Cybersecurity capacity in financial industry
- Minimum of 5 years in banking industry
- Degree in Engineering, Computer Science/Information Technology or its formally recognised equivalent.
- One or more of the following certifications will be preferred:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Chief Information Security Officer (CCISO)
- SANS Global Information Assurance Certifications (GIAC)
- Certified in Risk & Information Systems Control (CRISC)
- Payment Card Industry – Quality Security Assessor (PCI-QSA), etc.
- ISO 27001/22301 Lead Implementor or Lead Auditor
- Strong integrity, independence and resilience
- Willing and capable of travel across the countries in the portfolio if required
- A Master’s degree is desirable
Deadline: 17th July, 2021.
Job Title: AVP – Cloud Authentication Engineer
Ref No: 2100002572
Employee Status: Permanent
The Role Responsibilities
- Responsible for driving the delivery of authentication capabilities i.e. SSO, Multi-factor Authentication and Directory services for applications in the cloud, ensuring security controls become the default for Cloud/ SaaS based applications
- Work as part of a small skilled team (Tribe/ squad) of engineers and senior architects to analyse technical and non-technical requirements to build robust authentication patterns for cloud-based applications.
- Manages and continuously enhances capabilities within Security Technology service portfolio.
- Operates various Authentication technology tools, based on specialization, but not limited to Single Sign on, Multi-factor authentication and directory services.
- Operates and provide expert guidance on authentication controls required in the cloud
- Makes recommendations to improve integration of applications with enterprise authentication service capability
- Coordinate solution implementation, advisory, problem management, change control and incident response.
- Collaborates with business teams, infra teams, security operations and offers technical guidance
- Develops, tracks and analyses actionable metrics to continuously improve tooling and procedures and provide visibility of operations to management.
- Performs security assessments and vulnerability analysis as required to justify risk tolerances and acceptances
- Documentation of security infrastructure, implementation, operational manuals and developing configurations to meet new business requests
- Review findings from and identify root causes for common issues and provide recommendations for sustainable improvement.
Our Ideal Candidate
- A Bachelor’s Degree in Engineering or related fields
- 8 – 10 years of progressive IAM experience with focus on Authentication & Authorisation with at least 4 years in delivering enterprise solutions
- Must hold industry certifications such as – Azure Security, Azure Developer, AWS Cloud Practitioner and AWS Security.
- Hands on experience in public clouds (AWS/Azure) is a must
- Must have experience in implementation of authentication and authorisation technologies and federated identity standards and protocols (multifactor authentication, secure-key, SSO, LDAP Kerberos, OAuth, SAML, OpenID Connect) at an enterprise scale
- Strong understanding of ForgeRock Directory Services (Open DS), Oracle Unified Directory, ForgeRock Access Manager (OpenAM), ForgeRock Identity Gateway and Active & (Azure AD) Directory (desirable)
- Skillsets in the following would be an advantage
- Programming experience in Java/J2EE, Spring/Hibernate, Rest APIs, JSON, XML
- Experience in Infrastructure as a Code Products ((Terraform, Cloud Formation)
- Working knowledge of Containers and container orchestration platform
- Continuous Integration / Continuous Deployment practise, tooling, and techniques, (Jira, Confluence, Bitbucket, git; Jenkins, Artifactory, Packer, Rundeck, Ansible, AWS, ELK, AppDynamics etc)
- Knowledge on version control tools (SVN, GitHub), Groovy scripts.
- Experience in working with geographically dispersed teams, preferably in the Financial Services industry.
- Experience with enterprise applications (architecture, development, support, and troubleshooting).
- Experience and exposure to threat modelling and design reviews to assess security implications and requirements for introduction of new technologies.
- Strong interpersonal and communication skills; ability to work in a team environment
- Ability to work independently with minimal direction; self-starter/ self-motivated
- Technical writing experience is a plus.