• Application Deadline:
• Position: Senior Specialist: Information Security Governance, Risk & Compliance (GRC)



• Job Type Full Time , Hybrid



• Qualification BA/BSc/HND



• Experience 5 - 8 years



• Location Lagos




• Job Field ICT / Computer 
  
  

Role Overview: 

• We are seeking a highly skilled and experienced Information Security Governance, Risk & Compliance (GRC) to join our team as a senior individual contributor. This role is responsible for driving the organization's information security, privacy, cyber risk management, and business continuity standards in alignment with global best practices and regulatory requirements.


• The ideal candidate will bring extensive experience within BFSI (Banking, Financial Services & Insurance) environments and have strong technical understanding of information security frameworks, cybersecurity regulatory compliance, business continuity management, and data privacy obligations.

What You’ll Do: 

Governance, Risk & Compliance

• Develop, maintain, and enhance the Information Security Management System (ISMS) based on ISO 27001/27002 or equivalent standards.


• Conduct enterprise-wide information security risk assessments, risk treatment planning, and continuous control monitoring.


• Maintain policy frameworks, standards, guidelines, and procedures.


• Ensure timely closure of information security findings across the business


• Manage compliance with industry regulations and BFSI-specific frameworks (e.g., PCI DSS, SOC 2, ISO 27017/18, ISO 27032, local data protection acts).


• Track and report security posture, cyber risk exposure, key metrics, and compliance maturity to leadership.

Business Continuity & Resilience

• Own and evolve the Cellulant’s Business Continuity Management System (BCMS).


• Lead the development, review, and testing of BCPs, DR plans, and crisis management procedures.


• Conduct Business Impact Analyses (BIAs) and risk assessments across critical business functions.


• Coordinate and lead resilience exercises, tabletop simulations, and post-incident reviews.


• Ensure alignment with ISO 22301 and BFSI resilience expectations.

Privacy & Data Protection

• Support implementation of privacy-by-design and privacy-by-default controls.


• Monitor compliance with relevant data protection and privacy laws (e.g., GDPR, regional data protection regulations).


• Work closely with Legal & Compliance, Product, Engineering and HR teams to ensure personal data handling aligns with regulatory expectations and internal privacy policies.


• Conduct Data Protection Impact Assessments (DPIAs) and privacy risk assessments.

Third-Party Risk & Vendor Security Assessments

• Lead the end-to-end Third-Party Security Assessment process for new and existing vendors.


• Assess third-party controls using industry frameworks (e.g., ISO 27001, NIST CSF, SOC 2, PCI DSS).


• Review vendor security questionnaires, external audit reports, penetration test summaries, and data protection agreements.


• Evaluate cloud, SaaS, managed services, and critical suppliers for compliance with BFSI security and privacy requirements.


• Work with procurement/supply chain, legal, and business owners to ensure appropriate contractual security, data privacy/protection, business continuity clauses and risk mitigation measures are in place.


• Maintain and track third-party risks, findings, and remediation activities.


• Support periodic reassessments and ongoing monitoring for high-risk suppliers.

Security Awareness & Advisory

• Provide expert GRC advisory support to cross-functional teams including IT, engineering, operations, legal, compliance and product.


• Design and promote security and privacy awareness programs.


• Support third-party risk assessments and vendor due diligence activities.


• Act as an internal advocate for strong security, privacy, and resilience practices.

What We’re Looking For

• 5–8+ years of experience in Information Security, GRC, audit, privacy, or risk management roles.


• Proven experience working in or supporting the BFSI sector, with strong understanding of industry regulatory, privacy, and security obligations.


• Business Continuity Management hands-on experience, including running BIAs, maintaining BC/DR plans, and coordinating DR/BC exercises.


• Deep familiarity with frameworks and standards such as: ISO 27001/27002, NIST CSF, PCI DSS, and SOC 2 and ISO 22301.


• GDPR (EU), NDPA (Nigeria) and other global/regional data privacy laws


• Strong understanding of cloud security principles (AWS).


• Demonstrated experience producing documentation, process improvements, risk reports, and audit deliverables.


• Experience working cross-functionally with technical and non-technical teams.

Preferred Certifications

One or more of the following (or equivalent):

• Information Security: CISSP, CISM, SSCP, ISO 27001 Lead Implementer/Auditor


• Business Continuity: CBCP, ISO 22301 Lead Implementer/Auditor


• Privacy: CIPP/E, CIPM, CDPSE, ISO 27701 Lead Implementer/Auditor, certified DPO


• Risk & Compliance: CRISC, CGEIT.

Key Competencies

• Strong analytical and risk-based decision-making skills.


• Excellent communication skills, including ability to influence at all levels.


• High ownership, independence, and ability to operate as a senior individual contributor.


• Strong documentation, organization, and stakeholder management capability.


• Ability to manage multiple initiatives and work effectively under pressure.

Added Advantage

• Strong technical background and understanding of secure software development practices


• Strong understanding of microservice architecture


• Technical skills e.g. software development, scripting, automation, AI in SecOps etc.