Information Security Governance Risk & Compliance Specialist
Black Pen Recruitment
- Nigeria
- Permanent
- Full-time
- Bachelor's degree in a discipline related to the functional work or role
- Industry recognized certifications such as CISM, CRISC, CISA, or equivalent
- 7+ years of experience in IT Governance or Security Governance, working in a software development company, FinTech, or financial institution
- Experience working in an IT Governance, Risk and Compliance role
- Strong understanding of compliance frameworks including SOC 2 Type 2, ISO 27001, GDPR, PCI DSS
- Experience leading a company through an audit process for obtaining / maintaining compliance certification such as SOC 2 Type 2, ISO 27001, PCI DSS
- Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls.
- Very strong communication (verbal and written) skills and the ability to present with clarity
- Strong project management and organization skills
- Coordinate the development of best practice policies and standards based on various governance frameworks
- Ensure all IT controls are documented and assigned control owners to establish accountability.
- Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives
- Assist the IT Governance, Risk & Compliance function in maturing the Information Security and Technology Risk Management methodology through improvements in standardized risk assessments
- Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.).
- Monitor IT controls across the organization
- Assist in validating IT control alignment to the relevant industry standards, frameworks, and requirements (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.)
- Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units
- Policy creation, updates, and overall management and organization of shared documentation
- Control Self Assessments and Control Gap Analysis
- Third party risk management and reporting
- Support security due diligence activities with both regulators and business prospects
- Maintaining a Risk Register
- Documenting and evaluating policy exception requests
- Develop and derive KPIs from a controls baseline
- Overall analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate
- Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program
- Creation, documentation and maintenance of governance processes to oversee IT GRC programs