Chief Information Security Officer -Nigeria
Moment

Africa is at the cusp of an economic revolution. 1.5 billion people are embracing electronic payments, mobile everything, and racing towards a digital transformation that will change the world for the next two decades. While Internet- and banking-penetration have come late to Africa, a youth-driven tidal wave of change is hitting the continent, and global businesses and local champions are in a race to unlock its potential.
In partnership with Multichoice, the largest entertainment platform on the African continent, we are building a payment platform as ambitious as the customers we serve.
This is truly the Moment for Africa.
Our Culture
At Moment, we believe building the future is a team sport; partnership and collaboration lie at the core of everything we do. We take pride in working hard and strive to be world class every day, without forgetting to have a little fun along the way. We’re straight-talkers who prioritize speed of execution over perfection. We’re ok with uncertainty and don’t let it get in the way of making smart decisions quickly. We like to get things done.
We value diversity of thought, culture, and background and strive to build a business and work environment as vibrant as the continent we serve. Changing the lives and unlocking the ambitions of a continent isn’t for the faint of heart - but with a passion for people and a desire to make a lasting impact on Africa, we believe we can build an enormous business that also delivers good in the world.
Job requirements:
Education:
- Bachelor's degree in Computer Science, Information Security, Information Technology, or a related field.
- Advanced degree (MBA or MSc) in Cybersecurity, Risk Management, or a related discipline is an advantage.
Professional Certifications (required or to be acquired within 3 years):
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Chief Information Security Officer (CCISO)
- Other relevant industry certifications
Experience:
- Minimum 10 years of relevant experience in cybersecurity, information security, or IT risk management.
- At least 5 years in a leadership role within a regulated financial institution or large corporate.
- Proven experience in managing cross-border or multi-entity security programs is preferred.
- Proven experience with cloud platforms (AWS, Azure, GCP) and associated security services.
Key Competencies & Skills:
- Strong knowledge of regulatory requirements across the African continent (SARB, CBN, NDIC) and international cybersecurity standards.
- Expertise in threat detection, incident response, risk management, governance, identity and access management, business continuity and disaster recovery planning.
- Strategic thinker with strong leadership and stakeholder engagement skills.
- Excellent analytical, communication, and problem-solving abilities.
- High level of integrity, professionalism, and discretion.
Job responsibilities:
Cybersecurity Strategy & Governance
- Develop, implement, and maintain the Group’s cybersecurity strategy, program, and governance framework, aligned with business objectives and approved by the Board.
- Submit the Board-approved cybersecurity framework to the Director of the Other Financial Institutions Supervision Department (OFISD) for regulatory compliance.
- Oversee the development and review of cybersecurity policies, procedures, and minimum security standards for all entities within the group.
- Align cybersecurity programs with regulatory standards across the African Continent (SARB, CBN, NDIC, etc.) and global frameworks including PCI DSS, SOC 2, ISO/IEC 27001, and NIST CSF.
- Ensure alignment of the cybersecurity program with applicable legal and regulatory requirements.
- Integrate cloud-native security controls and frameworks (e.g., CIS Benchmarks, AWS Well-Architected Framework - Security Pillar, etc.) into group standards.
Cyber Risk Management & Compliance
- Conduct and oversee regular group-wide cyber risk assessments and maturity reviews
- Evaluate and manage risks introduced by third-party service providers and vendors.
- Design controls for managing cyber risks in both normal operations and emergency/crisis situations.
- Ensure cybersecurity responsibilities and accountabilities are assigned across business units, not just IT.
- Lead regulatory audit readiness and responses (e.g., PCI DSS, SOC 2 Type II).
Cybersecurity Operations
- Oversee 24/7 monitoring, threat detection, and response capabilities.
- Lead the creation, testing, and refinement of the incident response plan, including clear roles, escalation paths, and post-mortem processes.
- Enforce data protection controls, secure data backup, and disaster recovery planning.
- Implement secure software development standards and application security testing for in-house and third-party systems.
- Work with engineering teams to embed security controls into cloud and on-prem infrastructure.
Reporting & Communication
- Provide quarterly reports to the CTO/CEO and the Board on:
- Cybersecurity posture, program maturity and effectiveness
- Major cybersecurity threats, incidents, responses, and their impact
- Policy exceptions and risk exposures
- Status of information system confidentiality, integrity, and availability
- Ensure cybersecurity is a standing agenda item at Board and Senior Management meetings.
Stakeholder Collaboration & Threat Intelligence
- Collaborate with national and international security agencies, financial institutions, and partners to stay informed on emerging cyber threats and share intelligence.
- Incorporate threat intelligence and scenario-based analysis into business continuity and cyber resilience planning.
Asset & Identity Management
- Ensure accurate and up-to-date inventories of software, hardware, users, and their relationships across the institution’s network.
- Oversee identity and access management policies, including least privilege and role-based access control.
- Ensure secure onboarding and offboarding processes.
Capacity Building & Awareness
- Organize cybersecurity training programs to enhance awareness and technical proficiency across the group.
- Promote a culture of security awareness at all levels — internal staff, contractors, business partners, and third parties.
See more jobs in Lagos, Lagos