Ongoing recruitment at First Bank of Nigeria Limited 7th May 2019
First Bank of Nigeria Limited (FirstBank) is Nigeria's largest financial services institution by total assets and gross earnings. With more than 10 million customer accounts, FirstBank has over 750 branches providing a comprehensive range of retail and corporate financial services. The Bank has international presence through its subsidiaries, FBN Bank (UK) Limited in London and Paris, FBNBank DRC, FBNBank Ghana, FBNBank Gambia, FBNBank Guinea, FBNBank Sierra-Leone and FBNBank Senegal, as well as its Representative Offices in Johannesburg, Beijing and Abu Dhabi.
We are recruiting to fill the vacant positions below:
Job Title: Infrastructure Monitoring Officer
Ref: 1900003C
Location: Lagos
Job: IT. OPS Job Family
Organization: Technology and Services
Schedule: Regular
Shift: Standard
Job Type: Full-time
Description/Requirements
- Communications skills (written and oral) and understanding of outbound /transferred call scripts including e-mail script.
- Evaluate and report alerts generated on the Intellinx investigation center.
- Ensure that alerts generated receive prompt response and proper placement.
- Resolve alerts generated on Intellinx investigation center and ensure proper reassignment where necessary or the closure of such alerts.
- Ensure all alerts generated within the shift window are resolve
- Ensure that all alerts/incidents generated are properly reviewed and close properly.
- Review close incidents
- Review the white/black list of users.
- Ensure alerts case management are properly documented.
- Answers inquiries by clarifying desired information, researching, locating, and providing information
- Resolves customer’s challenges by clarifying issues, researching and exploring answers and alternative solutions; escalating unresolved problems.
- Virtual interface with external customers through telephone engagement.
- Interactions with a lot of applications that holds customers information for investigations
- Extensive use of office productivity tools (Excel, word etc.)
- Computer appreciation skills with graphical knowledge
- Reasoning and analytical skills in customer problem resolution.
Qualifications
Education:
- Minimum Education: First Degree in any field.
Experience:
- Minimum experience: 2 years relevant experience
Job Title: Unit Head, Information Security Program Management
Job ref.: 1900003J
Location: Lagos
Job Type: Full-time
Schedule: Regular
Shift: Standard
Job Descriptions
- Coordinate the development, implementation and maintenance of an information security program, process and plan for FirstBank.
- Manage the definition of information security roles and responsibilities
- Coordinate the resource allocation process for information security operations department ensuring that adequately trained, skilled resources are available to implement the information security program and plan.
- Lead cross-functional program teams in security remediation planning and execution of security programs by planning and tracking of tasks, schedules, resources and dependencies - facilitate & drive project meetings
- Raise accountability; escalate issues in a timely manner and create and maintain detailed Project Plans
- Champion & contribute to project management best practices and innovate & champion processes/methodologies at project level
- Manage the process of Identifying , managing , and maintaining the security work products, resources required to implement the information security program and plan
- Communicate and coordinate relationship with internal and external stakeholders including third party organizations, service providers, equipment manufacturers and other Strategic Business Units on Information Security initiatives and programs.
- Manage the Security budget of the department, allocate and manage funding for all information security activities
- Coordinate the measurement and monitoring of cost, schedule, and performance against the information security plan and set strategic objectives.
- Engage and coordinate relationship with relevant stakeholders from the security environment (internal and external)
- Review the status of the information security program with higher level managers
- Identify, review, assess, and enable business functions that impact information security.
- Work with other security departments to ensure that FirstBank is pursuing a coordinated strategic for the protection of its information assets.
- Coordinate enterprise projects, assign resources from ISOD and coordinate the implementation of Bank wide initiatives aimed at improving security across the Bank.
- Formulate framework, policies and enterprise projects and departmental projects that will ensure the ongoing security of the Bank.
- Manage project and provide status to Head, Information security Operations Department
- Establish and maintain excellent working relationships/partnerships with external partners.
- Manage relationship with security equipment manufacturers, vendors and consultants.
- Support products and services offered by the Bank to ensure balance between customer assets security and product and service experience.
- Perform secondary support for upgrades and apply patches and/or bug fixes
Qualifications
Minimum Education:
- First Degree in Computer Science/Engineering, Higher Degrees
- At least three relevant professional certifications as appropriate
Experience:
- Minimum experience - Ten (10) years relevant working experience and 3 year working experience at supervisory level
Job Title: Threat Intelligence & Management Analyst
Ref: 1900003I
Location: Lagos
Job: IT. OPS Job Family
Organization: Technology and Services
Schedule: Regular
Shift: Standard
Job Type: Full-time
Description
- Assist to review the Banks products and services to ensure inherent security threats are mitigated
- Assist in driving security implementation in the design of new products, services and process in the Bank
- Assist to conduct regular reviews of databases and applications to identify threats and remediate accordingly
- Assist to review physical access control measures put in place in the Banks offices, buildings and environment bank-wide
- Conduct regular reviews of the Banks offices and other banks facilities to ensure that vulnerabilities and threats are identified and treated.
- Provide support as needed when a business disruption occurs.
- Identify opportunities to enhance detection systems and security controls to counter known threats.
- Monitor technology systems to identify, analyze, evaluate, treat, accept, and communicate security threats and risks
- Provide support during changes to existing systems and implementation of new systems
- Continuous monitoring of technology (e.g. network, systems, etc.) security to ensure compliance and optimal performance
- Assist with operational risk assessments and escalate key issues (where necessary)
- Contribute to the assessment of the effectiveness of security controls (in conjunction with internal control and other auditory bodies)
Qualifications
Education:
- Minimum Education: First Degree in Computer Science/Engineering, Higher Degrees/Professional Certificates
Experience:
- Working knowledge of PCI DSS
- Working knowledge of ISO 27001
- Good understanding of Best Practices Security architecture.
- Knowledge of the Banking industry and banking Operations
- Knowledge of the Banking applications, services/products
- Knowledge of the Software development Lifecycle
- Knowledge of Physical Security
- Knowledge of risk assessment and risk treatment procedures
Job Title: Database Security Management Analyst
Job ID: 19000039
Location: Lagos
Description
- Coordinate the planning & design of enterprise database security architecture
- Coordinate program designed to ensure security of the banks database systems and information assets.
- Maintain systems to protect against unauthorized access, modification, or destruction Identifies, reports, and resolves security violations.
- Manage user’s access and permission control for various database and management systems.
- Coordinate the analyses, development & implementation process for improvement using security tools such as DAM. Assist with the implementation of classification and categorization schema of data.
- Support the full system engineering life-cycle including requirements analysis, design, development, testing and implementation, assessment, authorization and monitoring of the information systems such as Data Loss Protection and other database applications.
- Manage the monitoring of database audit logs, Access Control List, password, and security assessment reports access on databases.
- Conduct risk assessment and provides documentation regarding product deficiencies, change or software issues.
- Provide and develop technical topics, lessons learned and training sessions for First Bank end users
- Maintaining the access control and permission for all databases and monitor the access and use of databases for likely breaches and threats.
- Support the requirements analysis, design, development, testing, and implementation for the data / content management system
- Maintain user access and permission control for various data management systems.
- Perform desktop support and troubleshooting for the various Databases.
- Conduct risk assessment and provides documentation regarding database issues.
- Create standards in Database Security processes, procedures and audit requirements
- Conduct security tool selection, pilot and implementation
Requirements
- Minimum Education: First degree in Computer Science/Engineering, Systems Engineering or with strong Information Security component
- Database Security knowledge the following platforms - Oracle (8i, 9i, 10g, 11g), Informix (9, 10, 11), MS SQL Server (6.5, 7, 2000, 2005, 2008), DB2 (8, 9), Sybase (11, 15), Teradata. Certified IBM DB2 DBA, version 8.
- Minimum experience: 3 years banking experience
Job Title: Team Lead, Electronic Transaction Monitoring
Job ref.: 1900003E
Location: Lagos
Job Type: Full-time
Schedule: Regular
Shift: Standard
Job Descriptions
- Oversee the management of Electronic Transaction monitoring for First Bank Group
- Direct or Implementation Incident Reporting methodology for the Electronic Transaction Management
- Direct or Implementation Incident Management methodology for the Security Operations Center.
- Oversee the Security Systems monitoring for the Security Operations Center
- Implement incidents analysis framework for capturing and development of lessons learnt in Security Operations Center.
- Research and deliver security briefings to support Unit staff awareness and business planning
- Oversee routine security reports and transactions threat Assessments and on occurrence Alerts
- Co-ordinate and supervise the daily management of the SOC fraud investigation center for the Bank and ongoing implementation of other rules across the First Bank group.
- Manage the Implementation of sound independent Technology control policies, practices and standards to mitigate all sources of Information Technology risks across all layers of Information systems around electronic transactions
- Coordinate and ensuring prevention and /or detection of IT operational frauds/lapses/business losses for the SOC/Bank
- Supervise the provision of quality assurance and effective User Acceptance testing (UAT) /change management process for the SOC/bank.
- Co-ordinate and oversee the analyses and development of processing logic and data extraction scripts in the implementation that relates
- Co-ordinate and manage the identification and resolution of SOC operational lapses, rejected events, system bugs and reconciliation issues Bank-wide.
- Supervise and organize the execution of preliminary review and approval of proposed changes to system parameters and critical tables before implementation bank-wide as it relates to SOC.
- Supervise the Implementation of sound logical access controls mechanisms such as segregation of duties or Role-based user managements on Major SOC application systems for the bank.
- Co-ordinate and manage the implementation / deployment of subsequent fraud rules. · · Supervise the resolution of audit issues and exceptions on IT operations, Infrastructure and Enterprise security teams bank-wide.
- Supervise implementation of fraud rules development/deployment for the group, across all platforms.
- Supervise research on new fraud dynamics in the industry
- Supervise the implementation of the Industry Fraud Desk for the Bank
- Co-ordinate the implementation of Industry Fraud Management solution deployed by NIBSS.
- Co-ordinate and oversee the Industry Fraud desk.
- Developing strategies for Prevention and /or detection of IT operational frauds/lapses/business losses across platforms.
- Ensure Critical Call-over /Exceptions reports are delivered to branches daily.
- To develop strategies for the Automation of Electronic Transaction management processes and procedures (including scripting, Anti-fraud rules and use of specialized tools) to enhance productivity and operational efficiency of the division.
- Developing and overseeing the Implementation of appropriate Role structures, review procedures and other transaction mechanisms to ensure fraud-free across various operating platforms.
- Implement Electronic Transaction Management based on representations around spate of fraud and cybercrime on customer electronic transactions across other Africa countries.
Qualifications
Education:
- Minimum Education: First degree in any of any Science/Numerate discipline, MBA will be an added advantage
Experience:
- Minimum experience - 11 years banking experience
Job Title: Team Lead, Information Assets Security
Ref No: 1900003F
Location: Lagos
Organization: Technology and Services
Schedule: Regular
Job Type: Full-time
Description
- Develop and maintain inventories of information assets
- Define, implement, assess, and maintain controls necessary to protect information and vital assets including media and paper-based information assets in accordance with security requirements
- Develop and coordinate efforts aimed at the protection of enterprise information assets
- Develop integration solution and operational processes for the safeguard of classified data and information enterprise wide.
- Review existing policies, and coordinate efforts at automating such policies towards protection of information assets in the Bank.
- Provide support for the overall coordination of data protection and information leakage prevention across all platforms across the bank
- Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the Information Technology organization, as well as business unit stakeholder SMEs to ensure coordinated efforts in the protection of information assets.
- Develop process and methodologies to enhance data loss prevention management across multiplicity of the banks applications and products.
- Benchmark against security and fraud management implementation against applicable industry and international standards, develop appropriate event triggers and red flags.
- Ensure the review of Information assets (data) creation, communication, transmission, storage and archiving processes and systems. Build guiding privacy policies and standards from these reviews and ensure appropriate control mechanisms are in place to safeguard information assets.
- Communicate and collaborate with Information security operations department analysts to optimize information assets protection and Data loss prevention efforts in the Bank
- Support products and services offered by the Bank to ensure balance between customer assets security and product and service experience.
Qualifications
Education:
- Minimum Education: First Degree in computer science/Engineering, Higher Degrees
- At least three Relevant Professional Certifications as appropriate
Experience:
- Minimum experience - Ten (10) years relevant working experience and 3 year working experience at supervisory level
Job Title: Team Lead, Situational Awareness/Operational Environment Standardization
Ref No: 1900003G
Location: Lagos
Organization: Technology and Services
Schedule: Regular
Shift: Standard
Job Type: Full-time
Job Description
- Provide users at all levels and in all operational environments access to and use of the information they need
- Protecting and maintaining the integrity, quality, and availability of information.
- Provide timely and complete Situational Awareness information
- Provide clear, well integrated and enforceable operational policies
- Define standard data and information suitable to support the required level of situation awareness
- Defining, implementing, and enforcing the acceptable use policy
- Proper assessment of the current operations occurring within the Banks network and infrastructure
- Assess potential breakdowns, weak areas or vulnerabilities that can be exploited to maximum effect in crippling the banks system and communicate contingency preparedness and readiness status to management.
- Monitoring of unusual events or occurrences within the Cybersecurity network.
- Implement processes and solutions to ensure the banks flexibility to approach possible threats and mitigate them before they can be successful.
- Determine information security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures.
- Responsible for tuning and filtering of events and information, creating custom views and content using all available tools following an approved methodology and with approval and concurrence from management.
- Notify the banks and other stakeholders of significant changes in the security threat against the Customer networks in a timely manner and in writing via established reporting methods.
- Coordinate with appropriate organizations regarding possible security incidents. Conduct intra-office research to evaluate events as necessary, maintain the current list of coordination points of contact.
- Produce reports identifying significant or suspicious security events to appropriate parties. Include latest security threat information and tie back to specific intrusion sets of nation state actors when possible.
- Review and evaluate network modifications and recommend security monitoring policy updates.
- Establish procedures for handling each security event detected.
Qualifications
Education:
- Minimum Education: First Degree in computer science/Engineering
Experience:
- Minimum experience - 10 year working knowledge in Information Technology/Information Security.
- Higher Degrees/Professional Certificates
- Working knowledge of PCI DSS
- Working knowledge of ISO 27001
- Information Security Standards, security architecture and practices.
- Good knowledge of network security and encryption models
Job Title: Team Lead, Threat Intelligence & Management
Job ID: 1900003H
Location: Lagos
Description
- Develop and implement Threat Intelligence strategy and security plan for the mitigation of security risks and the protection of data.
- Lead threat and Intelligence processes to identify, analyze, qualify, quantify, treat, accept, communicate and monitor risks related to information technology.
- Lead threat Intelligence team throughout the development and implementation of projects to ensure business, legal, and technical needs, threats and opportunities are identified and managed.
- Establishing and supporting the direct connection between threats, vulnerabilities, compliance, risks, actions, and consequences.
- Ensures appropriate short-term and long-term measures are taken to remedy problems and react to anticipated needs.
- Assist to review the Banks products and services to ensure inherent security threats are mitigated.
- Establish technical and operational structures to ensure the correct implementation of security.
- Conduct internal network "hunting" activities, examining assets for malware, advanced persistent threats (APTs), hidden anomalies, and other indicators of compromise.
- Proactively manages technical and application portfolio availability and performance with emphasis on threats and compromise.
- Review defined levels of tolerance and risk exposure with a focus on mitigating them.
- Manage vulnerabilities and threat events in case of any failure or incident in the Organization
- Provide guidance and support during changes to existing systems and implementation of new systems
- Work with Process and Methods to define KPIs for evaluating effectiveness of threat management measures and controls
- Identify solutions for threat and intelligence, as well as determine and coordinate improvements.
- Manage threats with respect to development and implementation of IT Disaster Recovery Plan.
- Ensure that threat incidents are properly managed; as well as follow-up on solutions to prevent recurrence
- Promote a culture of adherence to security policies and practices
- Assess the effectiveness of security controls (in conjunction with internal control and other auditory bodies)
- Assist to review physical access control measures put in place in the Banks offices, buildings and environment bank-wide
- Communicate the results of threat analysis to management, explaining the impact on IT and the business
- Provide leadership and technical guidance to reports
Qualifications
Education:
- First Degree in Computer Science/Engineering
- Higher Degrees/Professional Certificates
Experience:
- Working knowledge of PCI DSS
- Working knowledge of ISO 27001
- Good understanding of Best Practices Security architecture.
- Knowledge of the Banking industry and banking Operations
- Knowledge of the Banking applications, services/products
- Knowledge of the Software development Lifecycle
- Knowledge of Physical Security
- Knowledge of risk assessment and risk treatment procedures
Job Title: Vulnerability Mgt. Analyst
Ref No: 1900003K
Location: Lagos
Organization: Technology and Services
Schedule: Regular
Job Type: Full-time
Description
- Conduct regular reviews of Banks network using manual/automated means to ensure that configurations meet best security practices
- Carry out periodic vulnerability assessments and penetration testing on Applications and Networks
- Drive situational awareness to all staff and other stakeholders based on risk identification
- Conduct payment card data discovery scans to ensure security of Card Holder data
- Conduct internal and external Penetration tests on the Bank’s information systems and make recommendations to critical findings
- Provide in-house information security consulting expertise to the Bank
- Assist in all security operations aimed at identifying cyber-attacks on the Bank
- Engage with vendors and third parties on the identification and remediation of vulnerabilities
- Provide periodic report on the status of vulnerabilities in the Bank
- review the security of critical systems (e.g., e-mail servers, Active Directory, applications databases etc.) and changes to sensitive security controls to ensure appropriate security balance and strength across the Bank.
- Provide insight on Security defense and hardening practices
- Research and keep up-to-date with hacking/defense techniques, exploits and countermeasures
- Analyze and evaluate vulnerabilities for exploitability and relevance.
- Engage with stakeholders on timelines for closure of vulnerabilities and advise on appropriateness
Qualifications
Education:
- Minimum Education: First Degree in computer science/Engineering, Higher Degrees/Professional Certificates
Experience:
- Minimum experience – Working knowledge of PCI DSS
- Working knowledge of ISO 27001
- Knowledge of the Security tools such as Qualys, Burp Suite, etc
- Good Knowledge of Penetration testing tools.
- Good knowledge of MS Windows and Linux
- Good understanding of Best Practices Security architecture.
- Working knowledge of penetration testing.
- Good knowledge of network protocols including UDP/TCP/IP
- Professional level knowledge of Access control lists, NAT, routing and switching
Job Title: Incident Mgt. & Response Analyst
Ref No: 1900003B
Location: Lagos
Job: IT Tech, SEC & OPS
Organization: Technology and Services
Schedule: Regular
Shift: Standard
Job Type: Full-time
Job Description
- Provide support to identify and resolve security incidents and events.
- System-wide collaboration on various issues including incident response.
- Monitor security alert and threat resources for applicable security vulnerabilities.
- Participate and promote security awareness and training.
- Complete special projects as directed.
- Participate in the Information Security Incident Response process.
- Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, data breaches, etc.
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
- Assist in identifying and remediating gaps as identified throughout the investigation
- Review log-based data, both in raw form and utilizing SIEM or aggregation tools
- Prepare reports by collecting, analyzing, and summarizing trends
- Establish timelines and patterns of activity based on multiple data sources.
Qualifications
Education:
- Minimum Education: First Degree in Computer Science/Engineering, Higher Degrees/Professional Certificates
Experience:
- Working knowledge of PCI DSS
- Working knowledge of ISO 27001
- Good understanding of Best Practices Security architecture.
- Knowledge of the Banking industry and banking Operations
- Knowledge of the Banking applications, services/products
- Knowledge of the Software development Lifecycle
- Knowledge of Physical Security
- Knowledge of risk assessment and risk treatment procedures
Job Title: Security Infrastructure Management Analyst
Ref No: 1900003D
Location: Lagos
Job: IT. OPS Job Family
Organization: Technology and Services
Schedule: Regular
Shift: Standard
Job Type: Full-time
Job Description
- Participate in planning & design of infrastructure security architecture
- Specify, allocate, and assign confidentiality, integrity, and availability requirements to development and acquisition organizations and assets
- Develop and maintain an enterprise security architecture
- Create and maintain schematics, architectural and topological diagrams of the entire security architecture and ensure a Change Management procedure is adhered in case of design changes.
- Ensure that security requirements are adequately addressed throughout the development and acquisition lifecycles for all assets
- Perform certification and accreditation prior to releasing new systems and software to production
- Serves as an internal information security consultant to the organization.
- Assists in the development and implementation of security policies and procedures.
- Initiates, facilitates and promotes activities to create information security awareness within the organization.
- Assists with performing information security risk assessments and serves as an internal expert for information security related issues.
- Helps reviews system-related security plans throughout the organization's corporate information systems and applications.
- Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager or business area.
- Maintains information security devices and solutions for the organization, such as Intrusion Detection Systems, e-Discovery, Hard Disk Encryption, and Vulnerability Scanners.
- Supports the security incident response process.
- Provides input in selection of system software and hardware, with emphasis on security and compliance requirements.
- Supports development of security deliverables for enhancements to production systems and new development.
- Monitors security queues for daily tickets in support with the organizations daily operations.
Qualifications
Education:
- Minimum Education: First Degree in computer science/Engineering, Higher Degrees
- At least three Relevant Professional Certifications as appropriate
Experience:
- Minimum experience - Ten (10) years relevant working experience and 3 year working experience at supervisory level
Job Title: Head - Security Engineering & Assets Security Unit
Ref No: 1900003A
Location: Lagos
Organization: Technology and Services
Schedule: Regular
Job Type: Full-time
Description
- Security requirements: specify, allocate, and assign confidentiality, integrity, and availability requirements to development and acquisition organizations and assets
- Security architecture: Develop and maintain an enterprise security architecture
- Secure lifecycle: ensure that security requirements are adequately addressed throughout the development and acquisition lifecycles for all assets
- Certification and accreditation: perform certification and accreditation prior to releasing new systems and software to production
- Manages and assess the bank’s security measures, such as firewalls, anti-virus software and passwords, to identify any weak points that might make information systems vulnerable to attack.
- Coordinates and prioritize security coverage to ensure that strategically important data, such as commercial information or personal data, receives the highest levels of protection.
- Manages all activities that serve to provide appropriate access to protect the customers information and that of all security solutions.
- Perform gap analysis based on the understanding of current-state and target-state of the Information Security architectures.
- Coordinates the selection, design, justification, implementation and operation of information security controls and management strategies in accordance with regulations.
- Ensures that projects are compliant with the banks Information Security architecture framework and secure development standards.
- Coordinate and provide leadership and oversight of information assurance, setting high level strategic and policies to ensure stakeholder’s confidence, that risk to the integrity of information in storage and transit is managed pragmatically and in a cost-effective manner.
- Manage the overall Business Continuity Planning process and report results to the Information Security Management team.
- Coordinate the execution of vulnerability assessments processes, penetration tests and security audits.
- Coordinate the enforcement of Information Security standards and policies including the maintenance of security certifications e.g. the Payment Card Industry Data Security Solutions (PCIDSS).
- Coordinate regular security awareness workshops for all Information Security Operation’s employees to ensure consistently high levels of compliance with regulatory bodies.
- Create and maintain Information Security documents, comprising, policies, standards, baselines, guidelines and procedures.
- Establishes, plans, and administers the overall policies and goals for the information security operations department.
- Manage the deployment, monitoring, maintenance, development, upgrade, and support of all Information Security services.
- Develop standard operating procedures for Information Security best practices and service provision.
Qualifications
Education:
- Minimum Education: First Degree in Computer Science/Engineering, Higher Degrees
- At least three Relevant Professional Certifications as appropriate
Experience:
- Minimum experience - Ten (10) years relevant working experience and 5 years working experience at supervisory level
How to Apply
Interested and qualified candidates should:
Click here to apply