Infosec and GRC Officer at Verto Nigeria

Verto is a global B2B payments solution that helps businesses send money to anyone, anywhere. Using a purposefully built tech infrastructure and payment rails, you can instantly send and receive money in over 200 countries. Today, Verto helps 1000+ customers from startups, SMEs to large corporate companies convert millions of dollars per year. Using our liquidity and price discovery marketplace solution, new customers can convert between 49 currencies, open bank account or wallets in seconds and make payments on a single platform.

We are recruiting suitable candidates to fill the position below:

Job Title: Infosec and GRC Officer

Location: Lagos
Employment Type: Full-time

Job Description
In this role you will:

• Develop and Implement Security Policies: Support the creation and continuous improvement of information security, governance, and privacy policies aligned with ISO 27001, PCI DSS, GDPR, and SOC2 to support business operations.
• Maintain Compliance Certifications: Lead internal and external audit preparations, remediate findings, and maintain compliance for certifications such as ISO 27001, SOC 2, and PCI DSS.
• Perform Risk Assessments: Identify, assess, and document security risks across teams, processes, key cloud-based and SaaS environments, providing actionable remediation plans.
• Manage Third-Party Risks: Conduct third-party vendor security assessments and ensure service providers comply with contractual and regulatory security obligations.
• Strengthen Security Awareness: Develop and deliver security awareness training to employees, tailored to specific job roles to reinforce compliance and data protection responsibilities.
• Prepare Governance Reports: Create governance and risk reports for leadership, including dashboards that track security metrics and compliance status.
• Collaborate with Cross-Functional Teams: Partner with engineering, operations, and product teams to integrate security and GRC practices into the key business processes.
• Drive Continuous Improvement: Stay abreast of information security compliance and regulatory changes, industry threats, and emerging security trends to enhance the company’s risk and compliance program.

Responsibilities

• Conduct Risk Assessments and Audits: Identify, assess, and document information security risks through regular audits and risk assessments, and ensure corrective actions are taken.
• Data Protection and Privacy Risk Management:
• Identify, assess, and document data protection and privacy risks through regular assessments, including Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for systems handling personal data. Collaborate with internal stakeholders to ensure audits comprehensively cover data protection controls, address non-compliance or privacy risks, and implement corrective actions promptly to mitigate potential impacts on personal data.
• Compliance Program Management: Collaborate with the Information Security Manager and external consultants to design, implement, and maintain governance and compliance programs to ensure the company meets regulatory standards such as ISO 27001, PCI DSS, GDPR, and SOC 2.
• Compliance Monitoring and Reporting: Monitor compliance status and risk management activities, and prepare detailed governance reports for leadership that outline key risk areas and mitigation efforts.
• Policy and Procedure Collaboration: Collaborate with various departments to implement policies, procedures, and controls that align with business objectives and regulatory requirements.
• Regulatory Awareness: Stay informed of changes to laws, regulations, and industry standards and ensure that internal policies remain up-to-date and compliant.
• Third-Party Risk Management: Conduct thorough security assessments of vendors and service providers, ensuring third-party agreements comply with security and privacy policies.
• Training and Awareness: Create and deliver regular security awareness training to employees, ensuring all staff understand data classification, data protection practices, and incident reporting procedures.

Skills and Qualifications

• Bachelor’s Degree in Information Technology, Cybersecurity, Computer Engineering, Computer Science, or a related field. Relevant experience may substitute for formal education if it demonstrates equivalent expertise.
• Minimum of 3 years of experience in Governance, Risk, and Compliance (GRC) roles, preferably as a consultant or within a fintech or SaaS-based organization.
• Certifications such as ISO 27001 Lead Implementer/Auditor, CISM, CISA, or equivalent are highly desirable.
• Strong knowledge of security frameworks, including ISO 27001, PCI DSS, GDPR, and NIST.
• Exceptional analytical skills with the ability to interpret risk and compliance data and provide actionable insights.
• Excellent communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders.
• Strong project management abilities, capable of handling multiple priorities in a fast-paced environment.
• High attention to detail and exceptional documentation skills, with experience in drafting and maintaining policies, procedures, and processes critical to governance and compliance activities.

Application Closing Date
Not Specified.