We are seeking a skilled professional to oversee governance frameworks and develop robust policies to ensure organizational compliance and strategic alignment. The ideal candidate will possess a strong background in regulatory affairs, risk management, and corporate governance, with a proven ability to craft clear, actionable policies. Responsibilities include monitoring regulatory changes, advising leadership on governance best practices, and implementing frameworks that mitigate risks while fostering ethical decision-making. Proficiency in policy analysis, stakeholder engagement, and cross-functional collaboration is essential. A degree in law, public administration, or a related field, along with relevant certifications, is preferred.
Formulate, assess, and uphold information security policies, standards, procedures, and guidelines to ensure robust protection of organizational assets and compliance with regulatory requirements.
Ensure compliance with established frameworks and regulatory standards, including ISO/IEC 27001, PCI DSS, and the CBN Cybersecurity Framework.
Establish comprehensive security governance frameworks, delineate clear roles and responsibilities, and implement structured decision-making processes.
Risk Mitigation plays a critical role in identifying, assessing, and addressing potential threats to ensure organizational stability and compliance. This position requires a strong analytical mindset, proficiency in risk assessment methodologies, and the ability to develop proactive strategies to minimize exposure. Key responsibilities include evaluating financial, operational, and strategic risks, implementing control measures, and ensuring adherence to regulatory standards. The ideal candidate will possess excellent problem-solving skills, keen attention to detail, and the capacity to communicate complex risk concepts clearly to stakeholders at all levels. Experience in risk modeling, data analysis, and familiarity with industry-specific regulations are highly desirable.
Conduct enterprise information security risk assessments and develop corresponding risk treatment plans.
Oversee the security risk register and monitor remediation efforts to ensure timely and effective resolution of identified risks.
Provide strategic guidance to business units regarding the acceptance, mitigation, transfer, or avoidance of risk.
Ensures adherence to all applicable laws, regulations, and internal policies while mitigating legal and operational risks through systematic monitoring, assessment, and reporting. Implements and maintains robust compliance frameworks, conducts thorough audits, and provides clear guidance to stakeholders to foster a culture of integrity and accountability. Collaborates with cross-functional teams to interpret regulatory changes, assess their impact, and integrate necessary adjustments into business practices.
Ensure adherence to all relevant legal, regulatory, and contractual obligations, including but not limited to the Nigeria Data Protection Regulation (NDPR), the Central Bank of Nigeria Cybersecurity Framework, the Payment Card Industry Data Security Standard (PCI DSS), and ISO 27001.
Oversee the planning and execution of internal and external audits, assessments, and certification processes to ensure compliance with established standards and regulations.
Monitor and address audit findings and compliance deficiencies to ensure adherence to regulatory standards and organizational policies.
Responsibilities include compiling and analyzing performance metrics, preparing detailed reports, and ensuring data accuracy through rigorous assurance processes. The role involves overseeing the collection, validation, and presentation of key performance indicators while maintaining compliance with established standards. Additionally, the position requires generating insights from data to support strategic decision-making and operational improvements. Strong analytical skills, proficiency in reporting tools, and a commitment to quality assurance are essential for success in this role.
Establish and oversee security governance key performance indicators (KPIs), key risk indicators (KRIs), and performance dashboards to ensure comprehensive tracking and reporting of security metrics.
Compose comprehensive security posture reports tailored for management, risk committees, and auditors.
Provide board-level and executive reporting on matters related to information security.
Third-party and vendor security governance entails the establishment and enforcement of comprehensive policies, procedures, and standards to oversee and mitigate risks associated with external partners. This role requires a deep understanding of cybersecurity frameworks, regulatory compliance, and industry best practices to ensure that third-party engagements align with organizational security objectives. Responsibilities include conducting thorough security assessments, monitoring vendor performance, addressing identified vulnerabilities, and maintaining rigorous audit trails to demonstrate adherence to security protocols. Strong analytical skills, meticulous attention to detail, and the ability to collaborate across departments are essential for effectively managing and mitigating potential security threats posed by external entities.
Conduct third-party security risk assessments and oversee due diligence processes to ensure compliance with organizational standards.
Conduct a thorough assessment of supplier security measures and analyze contractual security provisions to ensure compliance and mitigate risks.
Ensure continuous adherence to regulatory standards by critical vendors through regular oversight and evaluation.
We are committed to fostering a culture of awareness and driving continuous improvement across our organization. This role requires a proactive mindset to identify inefficiencies, evaluate processes, and implement innovative solutions that enhance productivity and quality. You will be responsible for analyzing performance metrics, gathering feedback, and collaborating with cross-functional teams to refine workflows and achieve operational excellence. Strong analytical skills, a results-driven approach, and the ability to adapt to evolving business needs are essential for success in this position.
Facilitate and promote security awareness and policy training programs to ensure comprehensive understanding and adherence across the organization.
Track developments in regulatory frameworks and evolving governance best practices to ensure ongoing compliance and strategic alignment.
Enhance governance and control maturity through ongoing, iterative enhancements to achieve sustained progress and excellence.
Requirements
Bachelor’s degree in Information Security, Computer Science, Information Technology, or an equivalent discipline.
A minimum of five to nine years of professional experience in information security governance, risk management, and compliance (GRC) is required.
Proven expertise in deploying or overseeing security frameworks, including ISO 27001, the CBN Cybersecurity Framework, the NDPR, and PCI DSS.
Proficient in applying risk management frameworks and control systems with a deep understanding of their methodologies.
Proven track record in conducting audits, performing compliance evaluations, and adhering to regulatory standards.
Possesses a solid understanding of security tools and platforms that facilitate governance and compliance initiatives.
A background in financial services, fintech, or telecommunications would be particularly beneficial.
Qualifications
BA/BSc/HND
Experience Required
5 - 9 years