We are seeking a seasoned professional to oversee and enhance our governance and policy frameworks, ensuring alignment with regulatory standards and organizational objectives. The ideal candidate will develop, implement, and monitor policies, while providing strategic guidance to leadership on compliance and ethical considerations. Additionally, the role requires collaboration with cross-functional teams to assess risks, streamline processes, and foster a culture of accountability and transparency. Strong analytical skills, a comprehensive understanding of governance best practices, and the ability to communicate complex regulations clearly are essential for success in this position.
Craft, evaluate, and uphold information security policies, standards, procedures, and guidelines to ensure comprehensive protection and compliance across the organization.
Ensure compliance with established frameworks and regulatory standards, including ISO/IEC 27001, PCI DSS, and the CBN Cybersecurity Framework.
Establish frameworks for security governance, delineate key roles, and implement structured decision-making protocols.
Conducts comprehensive risk assessments to identify potential threats and vulnerabilities across various operational domains. Implements and maintains robust risk mitigation strategies to safeguard organizational assets and ensure business continuity. Monitors emerging risks through continuous evaluation of internal and external factors while adhering to regulatory compliance standards. Collaborates with cross-functional teams to develop proactive contingency plans and enhance resilience against disruptions. Provides expert guidance to senior leadership on risk-related matters and recommends data-driven solutions to minimize exposure and maximize operational efficiency.
Conduct enterprise-level information security risk assessments and develop corresponding risk treatment plans.
Oversee the security risk register and monitor the progress of remediation efforts diligently.
Provide strategic guidance to business units regarding the acceptance, mitigation, transfer, or avoidance of risk.
Ensures adherence to all applicable laws, regulations, and industry standards, mitigating risks associated with non-compliance. Develops, implements, and maintains robust compliance programs, policies, and procedures to uphold organizational integrity. Monitors regulatory changes, assesses their impact on business operations, and advises leadership on necessary adjustments. Conducts audits, inspections, and assessments to verify compliance with internal and external requirements. Collaborates with cross-functional teams to foster a culture of compliance and ethical behavior. Provides training and guidance to employees on regulatory obligations and best practices. Investigates and resolves compliance-related incidents, recommending corrective actions to prevent recurrence. Maintains comprehensive documentation of compliance activities and ensures transparency in reporting.
Ensure adherence to all relevant legal, regulatory, and contractual obligations, including but not limited to the Nigeria Data Protection Regulation (NDPR), the Central Bank of Nigeria Cybersecurity Framework, the Payment Card Industry Data Security Standard (PCI DSS), and the ISO 27001 standard.
Oversee the planning and execution of internal and external audits, evaluations, and certification processes.
Monitor and address audit findings and compliance deficiencies to ensure adherence to regulatory standards and organizational policies.
Metrics, Reporting, and Assurance professionals are responsible for developing and implementing robust data collection systems to track key performance indicators (KPIs) and ensure compliance with regulatory standards. They analyze and interpret complex datasets to generate actionable insights, supporting data-driven decision-making across the organization. This role involves maintaining accurate financial records, validating audit trails, and providing assurance on the integrity and reliability of reported information. Additionally, they collaborate with cross-functional teams to streamline reporting processes, identify trends, and recommend improvements to enhance operational efficiency and risk management. Strong analytical skills, proficiency in advanced reporting tools, and a keen attention to detail are essential for success in this position.
Establish and oversee security governance key performance indicators (KPIs), key risk indicators (KRIs), and dynamic dashboards to ensure comprehensive monitoring and reporting of security metrics.
Develop comprehensive security posture reports tailored for presentation to management, risk committees, and auditors.
Prepare comprehensive board-level and executive reports detailing information security initiatives, risks, and compliance status for organizational leadership review.
The governance of third-party and vendor security encompasses the oversight and management of security practices for external partners and suppliers. This role involves establishing and enforcing security policies, conducting risk assessments, and ensuring compliance with relevant regulations and organizational standards. Responsibilities may include monitoring vendor security postures, addressing security incidents involving third parties, and collaborating with internal teams to mitigate risks. Additionally, the position may require regular audits and evaluations to verify adherence to security frameworks and contractual obligations.
Conduct third-party security risk assessments and thorough due diligence reviews of external entities.
Conduct thorough evaluations of suppliers’ security measures and analyze contractual security provisions to ensure alignment with organizational standards and compliance requirements.
Ensure continuous adherence to regulatory and contractual obligations by critical vendors.
We prioritize fostering a culture of awareness and driving ongoing enhancement across all operational facets. This involves actively identifying opportunities for refinement, implementing targeted improvements, and ensuring sustained progress through systematic evaluations and feedback mechanisms. Our goal is to cultivate an environment where proactive adjustments and iterative enhancements are integral to our long-term success and operational excellence.
Facilitate the development and implementation of security awareness and policy training programs to educate employees and reinforce organizational security protocols.
Track developments in regulations and evolving governance practices to ensure ongoing compliance and strategic alignment.
Enhance governance and control maturity through ongoing, systematic improvements.
Requirements
A bachelor’s degree in Information Security, Computer Science, Information Technology, or a closely related discipline is required.
A minimum of five to nine years of professional experience in the domains of information security governance, risk management, and compliance (GRC) is required.
Proven expertise in deploying or overseeing security frameworks such as ISO 27001, the CBN Cybersecurity Framework, NDPR, and PCI DSS is essential.
A comprehensive grasp of risk management principles and established control frameworks.
Extensive experience in conducting audits, performing compliance reviews, and ensuring adherence to regulatory requirements.
Proficient in utilizing security tools and platforms that facilitate governance and compliance initiatives.
Proficiency in financial services, fintech, or telecommunications would be considered an asset.
Qualifications
BA/BSc/HND
Experience Required
5 - 9 years