Job Description
Jobs in Lagos, Nigeria.
In this role, you will:
- Develop and Implement Security Policies: Assist in creating and enhancing information security, governance, and privacy policies that align with ISO 27001, PCI DSS, GDPR, and SOC2 to support business operations.
- Maintain Compliance Certifications: Lead the preparation for internal and external audits, address audit findings, and ensure the company maintains certifications such as ISO 27001, SOC 2, and PCI DSS.
- Perform Risk Assessments: Identify, evaluate, and document security risks across teams, processes, and key cloud-based or SaaS environments, offering actionable remediation plans.
- Manage Third-Party Risks: Perform security assessments of third-party vendors and ensure that service providers meet contractual and regulatory security obligations.
- Strengthen Security Awareness: Create and deliver security awareness training to employees, customized to specific roles to reinforce compliance and data protection responsibilities.
- Prepare Governance Reports: Develop governance and risk reports for leadership, including dashboards that track security metrics and compliance status.
- Collaborate with Cross-Functional Teams: Work with engineering, operations, and product teams to integrate security and governance, risk, and compliance (GRC) practices into key business processes.
- Drive Continuous Improvement: Stay updated on changes in information security compliance, regulatory developments, emerging industry threats, and trends to continuously enhance the company’s risk and compliance program.
Responsibilities
- Conduct Risk Assessments and Audits: Regularly perform audits and risk assessments to identify, evaluate, and document information security risks, ensuring corrective actions are taken.
- Data Protection and Privacy Risk Management: Identify, assess, and document data protection and privacy risks, including conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for systems that handle personal data. Collaborate with internal stakeholders to ensure audits address data protection controls and resolve non-compliance or privacy risks.
- Compliance Program Management: Work with the Information Security Manager and external consultants to design, implement, and maintain governance and compliance programs to meet regulatory standards such as ISO 27001, PCI DSS, GDPR, and SOC 2.
- Compliance Monitoring and Reporting: Track compliance status and risk management activities, and prepare detailed governance reports for leadership that highlight key risk areas and mitigation actions.
- Policy and Procedure Collaboration: Partner with various departments to implement policies, procedures, and controls that align with business goals and regulatory requirements.
- Regulatory Awareness: Stay informed about changes in laws, regulations, and industry standards to ensure internal policies remain up-to-date and compliant.
- Third-Party Risk Management: Conduct thorough security assessments of vendors and service providers, ensuring third-party contracts comply with security and privacy policies.
- Training and Awareness: Develop and deliver regular security awareness training to employees, ensuring they understand data classification, data protection practices, and incident reporting procedures.
Skills and Qualifications
- Bachelor’s Degree in Information Technology, Cybersecurity, Computer Engineering, Computer Science, or a related field. Relevant experience may substitute for formal education if it demonstrates equivalent expertise.
- At least 3 years of experience in Governance, Risk, and Compliance (GRC) roles, ideally as a consultant or within a fintech or SaaS organization.
- Certifications such as ISO 27001 Lead Implementer/Auditor, CISM, CISA, or equivalent are highly preferred.
- Strong knowledge of security frameworks, including ISO 27001, PCI DSS, GDPR, and NIST.
- Excellent analytical skills, with the ability to interpret risk and compliance data and provide actionable insights.
- Exceptional communication skills, capable of explaining complex security concepts to both technical and non-technical audiences.
- Strong project management skills, able to handle multiple priorities in a fast-paced environment.
- High attention to detail and outstanding documentation skills, with experience drafting and maintaining policies, procedures, and processes critical to governance and compliance activities.
Source: From Company Career Portal/Other Job Boards.
https://jobs.ashbyhq.com/verto/b1a1b8a6-5e54-48b3-8d86-daf96e18a2ca