Platform Manager (Security) at Heirs Insurance Ltd

Job Overview

Location
Lagos, Lagos
Job Type
Full Time
Date Posted
3 days ago

Additional Details

Job ID
154974
Job Views
25

Job Description






The Role




  • The Platform Manager (Security) is the dedicated security authority for the platform, not a generic security function but an embedded owner living inside the software factory. Reporting to the Cybersecurity Director and working hand-in-hand with the Platform Manager, you sit at the intersection of platform engineering, DevSecOps, cybersecurity, legal, and vendor management. You own the definition, implementation, and strict enforcement of the platform's security posture across every team, system, and workstream. On a platform handling the financial data of millions of Africans, the goal isn't to make compromise impossible; it's to ensure any attempt is hard, incomplete, noisy, traceable, attributable, and commercially useless without the platform's infrastructure, credentials, pipelines, and integrations.



What You'll Do




  • Security Standards & Governance: Define, enforce, and continuously improve end-to-end security standards, policies, and controls covering encryption, identity, application security, network security, data protection, and compliance across every team and contributor.

  • Identity & Access Management: Own the platform's IAM framework, MFA for all human access, service-to-service authentication via short-lived tokens and managed identities, privileged access management, just-in-time elevation, session recording, and automatic expiry. Standing privileged access to production is prohibited without formal exception.

  • Source Code & Repository Integrity: Own security of the source-control environment end-to-end, repository segmentation by domain/team/access need, SSO and MFA across all contributors, branch protection with mandatory pull requests, CODEOWNERS approval and peer review, no direct commits or force-pushes to protected branches, secret scanning and push protection, and audit logs exported to SIEM. Access maps strictly to role and deliverable and is reviewed regularly.

  • Application Security: Own the secure development lifecycle, ensuring security is designed in, not retrofitted. Govern SAST, DAST, SCA, and secrets detection gates across all CI/CD pipelines. No service reaches production without passing every gate.

  • Encryption & Data Protection: Enforce AES-256 at rest and TLS 1.2+ in transit. Own key management through Azure Key Vault and AWS KMS, including rotation and access controls. Drive data classification, DLP enforcement, and protection of customer, payment, and authentication data.

  • Penetration Testing & Vulnerability Management: Commission penetration testing before every launch and on a regular cadence. Own vulnerability management, ensuring critical and high CVEs are tracked and remediated on agreed timelines. Critical findings must be resolved before go-live.

  • Regulatory Compliance: Own compliance posture across CBN guidelines, PCI DSS, and applicable data protection regulations in all operating markets, including data residency and cross-border transfer requirements.

  • Incident Response & Unified Monitoring: Own the Incident Response Plan (detection through post-incident review), escalating critical incidents within prescribed timelines. Maintain unified monitoring correlating repository logs, endpoint DLP telemetry, identity/VPN logs, and CI/CD activity, feeding SIEM for continuous alerting. All production systems monitored 24/7 with alerts routed to an active SOC.

  • Supply Chain & Container Security: Enforce container image scanning (Trivy), runtime threat detection (Falco), and dependency scanning (Snyk) in every pipeline. No container deploys without passing security gates.

  • Insider Threat, Endpoint & Workforce Risk: Define workstation security requirements (EDR, disk encryption, patching, compliance). Evaluate VDI/cloud-hosted dev environments with download/clipboard/USB controls for high-risk contributors. Implement insider-risk monitoring for abnormal behaviour (mass downloads, unusual clone volume, privilege escalation, post-termination access attempts), privacy-aware and integrated with SIEM/SOC.

  • Partner, IP & Third-Party Controls: Own security due diligence for partners and contractors, contractual IP/confidentiality/data protection/audit clauses, least-privilege time-bound access reviewed regularly and revoked on exit. Enforce structured offboarding and coordinate with Legal/HR on suspected IP infringement.

  • Security Architecture Collaboration: Partner with the Enterprise Architect, Platform Manager, and engineering leads so security is designed in from day one for every new service, feature, and integration.

  • Executive Reporting: Report regularly to the Cybersecurity Director on security posture, compliance, incidents, and risk. Represent the security function at leadership and board level as required.



What We're Looking For



Must Have




  • 8+ years in information security or cybersecurity, with proven ownership of a security function in a large-scale, cloud-native, or financial services environment

  • Deep expertise across the full security stack: IAM, encryption/key management, application security (SDLC, SAST, DAST, SCA), network security, DLP, and incident response

  • Strong hands-on cloud security knowledge on AWS and/or Azure, including native security services, IAM, private networking, zero-trust architecture, and cloud-native threat detection

  • Demonstrated experience owning regulatory compliance in financial services (PCI DSS, CBN guidelines, or equivalent)

  • Experience designing and operating a SOC function, including 24/7 monitoring, SIEM integration, alert management, and incident escalation

  • Active CISSP or CISM certification required



Nice to Have




  • CSSLP and/or CCSP certification

  • AWS Certified Security, Specialty and/or Microsoft SC-200 or SC-100

  • Hands-on experience with container and supply chain security tooling (Trivy, Falco, Snyk)

  • Familiarity with IaC security scanning (Terraform, Ansible, Bash) for misconfigurations, hardcoded secrets, and insecure defaults

  • Experience implementing insider threat monitoring in regulated financial services

  • Familiarity with African regulatory frameworks: CBN guidelines, NDPR, and data residency requirements



Similar Jobs

Full Time
Full Time

Cookies

This website uses cookies to ensure you get the best experience on our website. Cookie Policy

Accept