Oando Plc is one of Africa’s largest integrated energy solutions providers with a proud heritage. It has a primary listing on the Nigeria Stock Exchange and a secondary listing on the Johannesburg Stock Exchange, with shared values of Teamwork, Respect, Integrity, Passion and Professionalism (TRIPP).
We are recruiting to fill the position below:
Job Title: Deputy Manager, Cybersecurity
Location: Lagos
Job Type: Full-time
Reports To: Manager, Information Security
Overall Purpose of Job
The Deputy Manager, Cybersecurity is responsible for the development and implementation of a comprehensive information security program for Oando.
This role will ensure the confidentiality, integrity, and availability of the organization's information assets, while aligning security initiatives with business objectives.
The Information Security Manager will be responsible for protecting the company's critical infrastructure, industrial control systems, and sensitive data from cyber threats specific.
This role will be responsible for managing the process of gathering, analyzing and assessing the current and future information security and privacy threats to the organization and its subsidiaries, as well as maintaining and monitoring information security best practices as they develop.
Responsibilities
Develop, review and implement IT policies and procedures to ensure operating efficiency and regulatory compliance
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies
Develop and implement risk mitigation strategies for identified vulnerabilities and manage the company's cybersecurity insurance program
Ensure compliance with relevant industry standards and regulations (e.g., NDPR, ISO27001)
Develop and maintain security metrics and reporting for executive leadership
Lead the company's IT incident response team and manage the incident response process; continuously evaluate current information security breach management processes and ensure that the organization can meet its mandatory data breach notification obligations should the need arise
Oversee the implementation and management of security technologies (e.g., SIEM, EDR, IDS/IPS) and management of security operations center (SOC) activities, including 24/7 monitoring and threat hunting
Work with the Head of IT and managers to build on an existing information security program and ongoing security projects that address information security risks and compliance requirements
Monitor systems for security gaps, design effective solutions for these gaps, and provide reports to management and executive staff
Develop wide-ranging policies, regulations, and strategies to enhance the security of the organizations
Provide expert advice on digital and technical aspects of cyber security governance, frameworks and operating models
Review, evaluate, and recommend software and hardware products related to IT security
Conduct vulnerability assessments to identify existing or potential electronic data and information system compromises and their sources; coordinate IT investigative matters with appropriate audit, regulatory, and certification bodies
Serve as a witness or subject matter expert for Information Technology Services in legal matters concerning IT security
Regularly interact and communicate with management to discuss the present audit results, gain acceptance and provide advice to remedy the audit issues or weaknesses discovered
Develop and maintain professional, credible relationships with key stakeholders (Business, Internal Audit & Risk) including relevant third parties and strategic suppliers.
Coordinate the periodic ISO27001, NDPR and other audit engagement activities including preparation for the annual Internal Audit assessments
Review, approve and direct the design and implementation of benchmarks, measurements and metrics used for measuring and improving the performance of the Information Security Management System.
Monitor related industry trends, technological developments and emerging practices in the IT industry and business in anticipation of changing investor and internal needs and best practice
Collaborate with relevant internal stakeholders to provide auditing support, security reviews and / or assist in the escalation of information breaches.
Review and recommend information security requirements for IT and operational projects and provide a risk assessment.
Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the Head of Information Technology and senior managers with a realistic overview of risks and threats in the enterprise environment
Monitor and report on compliance with security policies, as well as the enforcement of policies across the enterprise
Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools
Develop a strong working relationship with the Service Delivery, Business Applications, and other IT teams to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk
Manage and coordinate operational components of security incident management, including detection, response and reporting
Manage security projects and provide expert guidance on security matters for other IT projects
Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements
Stay abreast of regulatory changes including cybersecurity developments and their impact on IT requirements, including relevant data privacy requirements
Develop and maintain the company's information security strategy, policies, and procedures
Align security initiatives with business goals and industry regulations (e.g., NIST, ISO 27001, API 1164)
Collaborate with senior management to define security priorities and resource allocation
Conduct regular risk and vulnerability assessment across IT and OT environments.
Responsible For:
Information Security Strategy, Risk Management, Compliance, Incident Response, Security Operations, Data Protection, Security Awareness and Training, Vendor Management, Business Continuity and Disaster Recovery, Application and Systems Security, Security Program and Architecture, Industrial Control Systems Security, Information Security Management System.
Key Performance Indicators
Level of compliance with industry security standards and regulations (e.g., NIST, ISO 27001, API 1164)
% deviation of forecasted versus actual cost of security initiatives within defined tolerance limits
Effectiveness of security controls across IT and OT environments
Responsiveness to security incidents and user support requests
Uptime of key security systems (e.g., firewalls, SIEM, IDS/IPS)
Adequacy of patch management and vulnerability remediation procedures
% of system downtime due to security-related changes (planned unavailability)
Teamwork/mentoring/innovation within the security team
% of security service availability per SLA negotiated
Quality of technical advice and solutions to cybersecurity problems and issues
% reduction in security incidents within the financial year
Integrity and confidentiality of sensitive data and critical systems
Number of security awareness training sessions conducted within the year and achievement of over 80% employee participation
Successful completion of penetration tests and security audits with findings addressed within agreed timelines
Effectiveness of third-party risk management program
% of critical vulnerabilities remediated within defined SLAs
Maturity level of the organization's security posture based on industry-standard frameworks
Quality and timeliness of security reports to executive leadership and board
% of OT/ICS assets with up-to-date security controls.
Person Specification
Bachelor’s Degree in Computer Science, Information Security, or a related field; Master's degree preferred
Minimum of 15 years cognate work experience with at least 5 years in a leadership role
Minimum of 5-7 years information security or cyber security experience
Strong knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001) and regulations relevant to the Oil and Gas industry
Experience with ICS/SCADA security in industrial environments
CISSP, CISM, CRISC and ISO 27001 Certified
Excellent communication skills, able to articulate complex security concepts to technical and non-technical audiences
Strong leadership and project management skills
Experience in incident response and crisis management
Familiarity with cloud security, DevSecOps, and emerging technologies in the Oil and Gas sector
Familiarity with laws, regulations and industry standards pertaining to security in Nigeria and globally
Proficiency in security assessments, audits and investigations at a large scale
Excellent leadership and management skills, with the ability to lead and motivate a diverse security team
Working knowledge of the Nigeria Data Protection Act.
Required Competencies:
Oil and Gas Industry Dynamics
Excellent track record of translating an organization's goals and objectives into security requirements
Excellent communication and interpersonal skills to interact with individuals at all levels of the organization
Experience of planning, prioritizing and organizing the work of yourself and others, delivering to tight deadlines whilst ensuring the effective use of resources
Ability to communicate ideas in both technical and user-friendly language
Excellent technical architecture and technical support documentation skills
Customer Focus/Service Orientation
Knowledge of IT infrastructure and Security architecture
Experience of analyzing complex issues, innovating to resolve problems and thinking strategically
Good time management and coordination skills
Strong analytical and client relationship management skills
Ability to adapt to changing security threats and technologies
Demonstrable ability to work in a pressurized environment with conflicting priorities, ensuring that deadlines are met and ensuring high-quality service.