
Senior Specialist, Information Security Governance, Risk & Compliance
Cellulant
full-time
Location Type: Hybrid
Location: Lagos • Nigeria
About the role
- Develop, maintain, and enhance the Information Security Management System (ISMS) based on ISO 27001/27002 or equivalent standards.
- Conduct enterprise-wide information security risk assessments, risk treatment planning, and continuous control monitoring.
- Maintain policy frameworks, standards, guidelines, and procedures.
- Ensure timely closure of information security findings across the business.
- Manage compliance with industry regulations and BFSI-specific frameworks (e.g., PCI DSS, SOC 2, ISO 27017/18, ISO 27032, local data protection acts).
- Track and report security posture, cyber risk exposure, key metrics, and compliance maturity to leadership.
- Own and evolve Cellulant’s Business Continuity Management System (BCMS).
- Lead the development, review, and testing of BCPs, DR plans, and crisis management procedures.
- Conduct Business Impact Analyses (BIAs) and risk assessments across critical business functions.
- Coordinate and lead resilience exercises, tabletop simulations, and post-incident reviews.
- Support implementation of privacy-by-design and privacy-by-default controls.
- Monitor compliance with relevant data protection and privacy laws (e.g., GDPR, regional data protection regulations).
- Review vendor security questionnaires, external audit reports, penetration test summaries, and data protection agreements.
- Evaluate cloud, SaaS, managed services, and critical suppliers for compliance with BFSI security and privacy requirements.
- Provide expert GRC advisory support to cross-functional teams including IT, engineering, operations, legal, compliance and product.
- Design and promote security and privacy awareness programs.
Requirements
- 5–8+ years of experience in Information Security, GRC, audit, privacy, or risk management roles
- Proven experience working in or supporting the BFSI sector, with strong understanding of industry regulatory, privacy, and security obligations
- Hands-on Business Continuity Management experience, including running BIAs, maintaining BC/DR plans, and coordinating DR/BC exercises
- Deep familiarity with frameworks and standards such as ISO 27001/27002, NIST CSF, PCI DSS, SOC 2, and ISO 22301
- GDPR (EU), NDPA (Nigeria) and other global/regional data privacy laws
- Strong understanding of cloud security principles (AWS)
- Demonstrated experience producing documentation, process improvements, risk reports, and audit deliverables
- Experience working cross-functionally with technical and non-technical teams.
- One or more of the following (or equivalent):
  - Information Security: CISSP, CISM, SSCP, ISO 27001 Lead Implementer/Auditor
  - Business Continuity: CBCP, ISO 22301 Lead Implementer/Auditor
  - Privacy: CIPP/E, CIPM, CDPSE, ISO 27701 Lead Implementer/Auditor, certified DPO
  - Risk & Compliance: CRISC, CGEIT
Benefits
- Generous personal time off
- Medical and life insurance benefits (markets permitting)
Applicant Tracking System Keywords
Hard skills
Information Security Management System (ISMS), risk assessments, Business Continuity Management (BCM), Business Impact Analyses (BIA), cloud security principles, privacy-by-design, privacy-by-default, documentation, process improvements, audit deliverables
Soft skills
leadership, cross-functional collaboration, communication, organizational skills, problem-solving, analytical skills, attention to detail, adaptability, critical thinking, team coordination
Certifications
CISSP, CISM, SSCP, ISO 27001 Lead Implementer, ISO 27001 Auditor, CBCP, ISO 22301 Lead Implementer, ISO 22301 Auditor, CIPP/E, CDPSE