Job Description

As a leader of the Information Security function , you will contribute to the business by presenting your technical expertise with a balanced approach to communication and a bias for action. You will be required to work with our leadership teams at all levels of the company to drive solutions that impact our platform for the good of and ultimately, our customers and stakeholders. You will leverage your experience across various tools and processes to establish policies and standards across the company.

What you’ll do
We are looking for a well-rounded leader who will be responsible for building the security program and improving our overall security posture. This area is very important to us as it is a requirement for us to be better positioned to meet the needs of our customers and enable trust with the mission of safeguarding our customers’ assets and data against an evolving landscape of sophisticated global and local threats.

Job Responsibilities

Strategy and Compliance:
Develop and implement a scalable information security strategy aligning with the company’s business objectives.
Ensure compliance with relevant laws, regulations, and industry standards, including PCI DSS, GDPR, and local Nigerian data protection laws (e.g., NDPR).
Ensure security architecture can adapt to and support the company’s growth trajectory.
Educate staff in the organization on the best IT practices and regulatory requirements.
Work closely with other high-level executives to develop all-encompassing security strategies within the organization’s context and goals.

Risk Management:
Own and manage the end-to-end security risk management framework. Identify, assess, and prioritize security risks across the organization, translating them into a clear risk posture for executive leadership and the board. Align security initiatives with the company's defined risk appetite.

Team Management:
Recruit, mentor, and lead a high-performing, multi-disciplinary security team. Foster a culture of continuous learning and development to stay ahead of emerging threats and technologies

Threat Intelligence and Incident Response:
Establish and mature a robust threat intelligence program to proactively identify, analyze, and mitigate emerging threats, particularly those targeting the African fintech ecosystem.
Design, operationalize, and regularly test our incident response, business continuity, and disaster recovery plans to ensure organizational resilience.

Security Architecture and Technology:
Oversee the design of secure systems and review application and infrastructure security architectures, ensuring scalability and adherence to security by design principles.
Implement proactive security measures and controls to prevent security breaches and minimize potential impact, including managing and implementing various security technologies and tools (e.g., SIEM, IDS/IPS, vulnerability scanners).
Lead the cloud security strategy, ensuring robust configuration, monitoring, and protection of our cloud infrastructure and services.

Financial Management and Justification:
Develop business cases that support information security program investments.
Obtain management support for information security program investments highlighted in the endorsed business cases.
Manage the security budget and forecast costs.

Communication and Stakeholder Engagement:
Disseminate the organization's information security goals and objectives to business units and senior management.
Represent the organization in security-related matters with external parties and stakeholders.
Manage key customer relationships, including with senior management across business units.
Influence cross-functional and cross-business units to accomplish strategic goals.

Training and Awareness:
Design and implement security awareness training programs for all staff.

Metrics and KPIs:
Develop and track relevant Key Performance Indicators (KPIs) such as incident response times, compliance audit results, and vulnerability management metrics.

Cross-functional Collaboration:
Work closely with the Engineering team and other technical departments to ensure security is integrated into all development and operational processes.