FIRST Exploration & Petroleum Development Company Limited (FIRST E&P) is a Nigerian oil and gas company that was established in 2011. It started formal business operations on the 1st of July, 2012. FIRST E&P is a deeply technical, commercial and entrepreneurial organization, with full delivery capability across the entire upstream oil and gas value chain.
We are recruiting to fill the position below:
Job Title: Cybersecurity Lead
Location: Lagos
Employment Type: Full-time
Description
- The Cybersecurity Lead is responsible for safeguarding the organization’s information assets, operational technology interfaces, digital platforms, and data by leading the enterprise cybersecurity and information security function.
- Reporting directly to the Chief Technology Officer (CTO), the role provides independent oversight of cybersecurity risk, governance, and compliance while supporting safe, reliable, and efficient business and operational outcomes.
- The role operates within a lean technology organization and works closely with Technology Operations, Digital & Technology Innovation, and Technical Project Management teams to embed cybersecurity controls into day‑to‑day operations and project delivery.
Key Accountabilities
Cybersecurity Strategy & Governance:
- Define the organization's information and cybersecurity strategy together with the Digital and Technology Innovation team, and execute the strategy in alignment with operational reliability, safety, and business objectives.
- Establish and maintain cybersecurity policies, standards, and procedures aligned with global best practices and regulatory expectations.
- Ensure security considerations are integrated into infrastructure, cloud, business applications, and digital transformation initiatives.
Cyber Risk Management & IT GRC:
- Lead enterprise cybersecurity risk management activities, including identification, assessment, mitigation, and reporting of cyber risks.
- Maintain the cybersecurity and IT risk register and support integration with broader enterprise risk management processes.
- Ensure compliance with applicable regulatory requirements, contractual obligations, and data protection standards relevant to the oil and gas operating environment.
- Coordinate and support internal and external audits, risk assessments, and assurance activities.
Security Operations & Incident Response:
- Provide oversight and service assurance for outsourced Security Operations Centre (SOC) services.
- Lead and coordinate cybersecurity incident response activities, including investigation, containment, remediation, and post‑incident reviews.
- Ensure incident response plans, escalation procedures, and communication protocols are defined, tested, and operationally practical.
Threat Intelligence, Vulnerability & Assurance:
- Oversee vulnerability management and penetration testing programs delivered by third‑party providers.
- Work with Technology Operations teams to ensure timely remediation of identified vulnerabilities, prioritised based on operational and business risk.
- Monitor emerging cyber threats and industry‑relevant attack patterns and translate insights into practical control improvements.
Identity, Access & Architecture Security:
- Oversee Identity and Access Management (IAM) controls, including privileged access management and user lifecycle processes.
- Promote least‑privilege access, segregation of duties, and zero‑trust principles across enterprise IT and digital platforms.
- Provide security input into system architecture, solution designs, and technology standards.
Third‑Party & Supply Chain Security:
- Assess and manage cybersecurity risks associated with vendors, service providers, and technology partners.
- Ensure appropriate security controls and requirements are embedded within contracts and service agreements.
Security Awareness & Capability Development:
- Deliver security awareness and targeted training programs to improve cyber hygiene across the organization.
- Provide guidance and coaching to technology and digital delivery teams on secure practices.
- Line‑manage and mentor a Cybersecurity Analyst to build internal security capability.
Reporting & Stakeholder Engagement:
- Report cybersecurity risks, incidents, and overall security posture directly to the CTO.
- Provide clear, practical cybersecurity insights to technology leadership and business stakeholders.
- Act as the primary cybersecurity point of contact across the organization.
Requirements
The ideal candidate must possess the following:
- Bachelor’s Degree in Information Technology, Computer Science, Cybersecurity, or a related discipline.
- 5 - 8 years’ experience in cybersecurity, information security, or IT GRC roles within enterprise environments.
- Practical experience with cybersecurity governance frameworks such as ISO/IEC 27001, NIST Cybersecurity Framework, or similar.
- Proven experience conducting cybersecurity risk assessments, audits, and compliance activities.
- Familiarity with security operations concepts, incident response, vulnerability management, and third‑party security oversight.
- Experience working in regulated or asset‑intensive industries (e.g., oil & gas, energy, utilities, or heavy industry) is an advantage.
- Relevant professional certifications (or working towards them) such as ISO 27001, CISSP, CISM, or CRISC are desirable.
- Strong understanding of both technical cybersecurity controls and IT governance, risk, and compliance.
- Practical, risk‑based approach suited to operational environments where availability, safety, and business continuity are critical.