Assistant Manager, Cybersecurity at Oando Plc

Oando Plc is one of Africa’s largest integrated energy solutions provider with a proud heritage. It has a primary listing on the Nigeria Stock Exchange and a secondary listing on the Johannesburg Stock Exchange. With shared values of Teamwork, Respect, Integrity, Passion and Professionalism (TRIPP).

We are recruiting to fill the position below:

Job Title: Assistant Manager, Cybersecurity

Location: Port Harcourt, Rivers
Job Type: Full-time
Reports to: Manager, IT Security

Overall Purpose of Job

• The Asst. Mgr. Cybersecurity is responsible for designing, developing, and overseeing the implementation of the organization's overall security architecture, with a focus on the unique challenges of the Oil and Gas industry.
• This role requires a deep understanding of business goals, security requirements, and industry-specific technologies to create a robust security framework that protects the company's digital and physical assets, ensures compliance with regulations, and aligns with business objectives.
• The Asst. Mgr. Security Architect will work closely with various IT teams, business units, and leadership to integrate security measures across all systems, networks, and field locations.

Responsible For:

• Enterprise Security Architecture, Risk Management, Security Strategy, Compliance, Identity and Access Management, Threat Modelling, Security Controls Design, Security Policies and Standards, Technology Evaluation, Incident Response Planning, OT/IT Convergence Security, Cloud Security, Vendor Management.

Responsibilities
Architecture and Strategy:

• Develop and maintain a comprehensive enterprise security architecture that aligns with business objectives and addresses current and emerging threats in the Oil and Gas industry
• Create and update security reference architectures, patterns, and blueprints to guide the implementation of security controls across the organization, including cloud environments, ERP systems, SCADA networks, and remote field locations
• Lead the design and implementation of security controls across all IT and OT infrastructure layers
• Develop and maintain a security technology roadmap that supports the organization's long-term security goals and addresses the convergence of IT and OT systems
• Ensure compliance with relevant industry regulations and standards (e.g., ISO 27001, Cybercrime Act, NDPR, NIST, GDPR, etc.).

Risk Management and Incident Response:

• Conduct regular risk assessments and threat modelling to identify vulnerabilities across IT and OT environments, and recommend mitigation strategies
• Lead security incident response planning and oversee major security incidents
• Ensure the effectiveness of disaster recovery and business continuity plans
• Oversee vulnerability management and penetration testing programs.

Security Operations and Implementation:

• Guide the implementation of security tools and technologies
• Oversee the security operations center (SOC) activities
• Ensure proper configuration and maintenance of security systems
• Monitor and analyze security metrics and key performance indicators
• Design and oversee the implementation of security controls for networks, systems, applications, and data, with a focus on protecting critical infrastructure and sensitive operational data.

Compliance and Governance:

• Develop, maintain, and enforce comprehensive security policies, standards, and guidelines that address both IT and OT environments
• Oversee internal and external security audits
• Manage security-related aspects of vendor relationships
• Collaborate with legal and compliance teams to address regulatory requirements specific to the energy sector

Leadership and Collaboration:

• Assist the CISO in coordinating the work priorities of Security Administrators across all aspects of security operations
• Collaborate with IT, OT, and business leaders to ensure security is integrated into all aspects of operations
• Provide regular reports and presentations to executive leadership
• Develop and maintain relationships with key security vendors and partners
• Act as a subject matter expert for all security-related matters.

Education and Awareness:

• Drive security awareness and training programs across the organization
• Stay abreast of emerging security threats, technologies, and best practices specific to the energy sector
• Educate executive leadership on cybersecurity risks and mitigation strategies
• Promote a culture of security awareness within the organization.

Continuous Improvement:

• Regularly assess the effectiveness of security controls across IT and OT environments and recommend improvements
• Implement metrics to measure the effectiveness of security programs
• Lead initiatives to enhance security maturity across the organization
• Integrate emerging technologies and methodologies into the security framework.

Person Specification

• Master’s Degree in Computer Science, Information Security, or related field
• 10+ years of experience in IT security, with at least 5 years in a senior security role
• Deep understanding of security architectures, frameworks, and methodologies
• Strong knowledge of network security, application security, and cloud security
• Experience with ICS/SCADA security in industrial environments
• Strong leadership and project management skills
• Experience with risk management and compliance frameworks
• Excellent communication skills, able to articulate complex security concepts to both technical and non-technical audiences
• Strategic thinker with the ability to align security initiatives with business objectives.

Required Competencies:

• Expert knowledge of cybersecurity principles, practices, and technologies
• Proficiency in security architecture frameworks (e.g. TOGAF)
• Strong understanding of IT governance frameworks (e.g., COBIT, ITIL)
• Expertise in security standards and regulations (e.g., ISO 27001, NDPR, NIST, GDPR)
• Advanced knowledge of network protocols, operating systems, and databases
• Familiarity with cloud security architectures and principles
• Strong project management and organizational skills
• Excellent problem-solving and analytical skills
• Ability to influence and collaborate with stakeholders at all levels
• Certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable
• Knowledge of Oil and Gas industry dynamics and specific security challenges.

Key Performance Indicators:

• Level of compliance with industry security standards and regulations
• Effectiveness of security controls across IT and OT environments
• % reduction in security incidents within the financial year
• Uptime of key security systems (e.g., firewalls, SIEM, IDS/IPS)
• Quality and timeliness of security reports to executive leadership
• Successful completion of penetration tests and security audits with findings addressed within agreed timelines
• % of critical vulnerabilities remediated within defined SLAs
• Maturity level of the organization's security posture based on industry-standard frameworks
• Number of security awareness training sessions conducted and employee participation rate.

Application Closing Date
Not Specified.

How to Apply
Interested and qualified candidates should:
Click here to apply online