Security Governance, Risk & Compliance (GRC) Analyst

Job Location: Lagos - Nigeria

Monthly Salary: Not Disclosed
Posted on: 18 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Responsibilities:

Security Compliance Monitoring

Design, implement and manage a continuous security compliance monitoring programme covering network, application, endpoint and cloud environments.

Monitor compliance with the CBN Cybersecurity Framework, NDPR/NDPA, ISO 27001, PCI-DSS and other applicable standards.

Develop and maintain compliance dashboards and real-time alerting mechanisms for security control deviations.

Conduct periodic compliance assessments against regulatory baselines and internal security policies.

Track remediation of identified compliance gaps and report status to the Head of Systems Audit & Security Compliance.

Maintain an up-to-date register of all applicable security regulations, frameworks and control obligations.

Liaise with regulators, external auditors and certification bodies on compliance reviews and audit exercises.

Security Testing

Plan, coordinate and execute regular security testing activities, including vulnerability assessments, penetration testing and red team exercises.

Conduct application security testing (SAST/DAST) on Credit Direct's digital platforms, APIs and mobile applications.

Perform configuration reviews of network devices, servers, cloud infrastructure and identity management systems.

Validate security controls effectiveness through structured control testing and evidence-based assurance.

Manage relationships with third-party penetration testing vendors and review their deliverables for quality and completeness.

Track, prioritise and drive remediation of vulnerabilities identified through testing activities.

Produce detailed security testing reports with risk-rated findings and actionable recommendations.

Threat Modelling

Develop and maintain a structured threat modelling programme using industry frameworks (STRIDE, MITRE ATT&CK, PASTA).

Conduct threat modelling exercises for new products, platforms, system changes and third-party integrations prior to deployment.

Identify attack vectors, threat actors and potential impact scenarios relevant to Credit Direct's business model and technology stack.

Produce threat landscape reports and advisories for consumption by IT, Product and Senior Management.

Map identified threats to existing controls and identify control gaps requiring remediation.

Maintain and update the organisation's threat register in alignment with the evolving Nigerian and global cyber threat environment.

Collaborate with IT Architecture and Product Development teams to embed security-by-design principles.

Incident Response & Reporting

Develop, maintain and test Credit Direct's Incident Response Plan (IRP) in alignment with CBN and NDPC requirements.

Serve as a key responder in the identification, containment, eradication and recovery phases of security incidents.

Lead or support digital forensic investigations in collaboration with IT, Legal and, where applicable, law enforcement agencies.

Ensure timely regulatory notification of security incidents to the CBN, NITDA/NDPC and other bodies as required by law.

Produce post-incident analysis reports, including root cause analysis, lessons learned and corrective action plans.

Coordinate tabletop exercises and incident simulation drills to test organisational readiness.

Maintain an incident register and track the closure of all incident-related remediation actions.

Report incident trends, key risk indicators and security metrics to Management and Board-level committees as required.

Other Support

Ensure compliance with relevant laws, regulations and internal policies related to information security and data protection.

Maintain up-to-date knowledge of regulatory changes, emerging threats and industry best practices.

Support security awareness training and communicate compliance obligations to staff across the organisation.

Other general administrative duties and responsibilities as assigned by the Head of Unit/Department.



Job Requirements:

Education/Professional Qualification:

. in STEM, Management Sciences or a related field.

Recognized industry certifications in cybersecurity and information security (e.g. CISSP, CISM, CEH, CompTIA Security+, OSCP, ISO 27001 Lead Implementer/Auditor, CISA).

Additional certifications in incident response or threat intelligence (e.g. GCIH, GCFE, CTIA) are an advantage.

Experience:

Minimum 3 years of relevant experience in cybersecurity, information security compliance or a related function.

Demonstrable hands-on experience in at least two of the four core areas: security monitoring, security testing, threat modelling or incident response. Experience in financial services, fintech or digital lending is strongly preferred. Familiarity with the CBN Cybersecurity Framework, NDPR/NDPA and PCI-DSS is required.

Competency Requirements:

Technical:

Proficiency in security monitoring platforms (e.g. SIEM tools: Splunk, IBM QRadar, Microsoft Sentinel or equivalent).

Hands-on experience with vulnerability scanning and penetration testing tools (e.g. Nessus, Burp Suite, Metasploit, Nmap).

Knowledge of threat modelling frameworks: MITRE ATT&CK etc.

Understanding of network security, endpoint detection and response (EDR), firewalls and IDS/IPS systems.

Familiarity with digital forensics tools and evidence handling procedures.

Knowledge of cloud security principles (AWS, Azure or GCP security controls) is an advantage.

Understanding of secure SDLC, DevSecOps and application security testing (SAST/DAST).

Behavioral:

Analytical and structured problem-solving ability

High attention to detail and methodical approach to investigations

Strong written and verbal communication; ability to translate technical findings for non-technical audiences

Ability to work under pressure and manage multiple priorities simultaneously

High integrity, discretion and objectivity

Collaborative mindset with the ability to work cross-functionally

Proactive risk mindset: anticipates threats rather than reacts to them




Required Experience:

IC


About Company

Credit Direct is the Fintech arm of the FCMB Group.
