Information Security Governance Engineer

Role Overview

• Develop, review, and maintain information security policies, standards, procedures, and guidelines.
• Ensure alignment with recognized frameworks and standards (e.g. ISO/IEC 27001, PCIDSS, CBN Cybersecurity Framework).
• Define security governance structures, roles, and decision‑making processes.
• Support enterprise information security risk assessments and risk treatment plans.
• Maintain the security risk register and track remediation activities.
• Advise business units on risk acceptance, mitigation, transfer, or avoidance.
• Ensure compliance with applicable laws, regulations, and contractual requirements (e.g. NDPR, CBN Cybersecurity Framework, PCI DSS, ISO 27001).
• Coordinate internal and external audits, assessments, and certifications.
• Track and remediate audit findings and compliance gaps.
• Define and maintain security governance KPIs, KRIs, and dashboards.
• Prepare security posture reports for management, risk committees, and auditors.
• Support board‑level and executive reporting on information security matters.
• Support third‑party security risk assessments and due diligence processes.
• Review supplier security controls and contractual security clauses.
• Monitor ongoing compliance of critical vendors.
• Support security awareness and policy training initiatives.
• Monitor regulatory changes and emerging governance trends.
• Drive continuous improvement of governance and control maturity.

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
• Minimum of 5–9 years’ experience in information security governance, risk, and compliance (GRC).
• Hands-on experience implementing or managing security frameworks (e.g., ISO 27001, CBN Cybersecurity Framework, NDPR, PCI DSS).
• Strong understanding of risk management methodologies and control frameworks.
• Experience working with audits, compliance reviews, and regulatory requirements.
• Familiarity with security tools and platforms supporting governance and compliance activities.
• Experience in financial services, fintech, or telecommunications is an added advantage.

Tech Stack

• Cyber Security