Senior Specialist: Information Security Governance, Risk & Compliance (GRC)

Cellulant • Lagos, Nigeria, Nigeria • 3w ago

About Cellulant:

Cellulant is Africa’s leading payments company, providing seamless, secure and innovative solutions that empower businesses, banks, and global brands to thrive in a fast-changing global economy.

With a presence in over 24 countries and 200+ payment methods across cards, bank transfer and mobile money, our single API payment platform, Tingg, simplifies collections, disbursements, and reconciliations. It processes over 1 million transactions daily for market leaders in various sectors, such as Airlines, Telecoms, E-commerce, Ride-Hailing, Retail, and Remittances. By simplifying how people pay and get paid, we drive trust, commerce and scale – and connect companies to their ambitions.

Our Story:

Across Africa, payments are more than transactions. They are gateways to prosperity, connecting people, businesses and communities to opportunities and growth.

From enabling a logistics company in Lusaka to pay suppliers across borders, to enabling a hospitality brand in Lagos to scale effortlessly, to supporting an airline in Nairobi to reconcile payments from multiple platforms, Cellulant is the bridge that makes it all possible.

Through trusted technology and customer-centric innovation, we build connections that inspire progress, strengthen economies and transform payments into a tool for progress.

Since our founding in 2003, we've continuously adapted and grown, leveraging our experiences to simplify payments for businesses. We are driven by an unshakable belief that seamless people-centred payments are the key to unlocking prosperity.

Today, Cellulant powers online and offline payment processing, allowing businesses to collect payments, send payouts, and accelerate business growth.

Our Mission:

To deliver seamless, secure and innovative payment solutions for businesses.

Our Vision:

To create a connected world where businesses move money as easily as they share ideas.

Role Overview:

We are seeking a highly skilled and experienced Information Security Governance, Risk & Compliance (GRC) to join our team as a senior individual contributor. This role is responsible for driving the organization's information security, privacy, cyber risk management, and business continuity standards in alignment with global best practices and regulatory requirements.

The ideal candidate will bring extensive experience within BFSI (Banking, Financial Services & Insurance) environments and have strong technical understanding of information security frameworks, cybersecurity regulatory compliance, business continuity management, and data privacy obligations.

What You’ll Do:

Governance, Risk & Compliance

Develop, maintain, and enhance the Information Security Management System (ISMS) based on ISO 27001/27002 or equivalent standards.
Conduct enterprise-wide information security risk assessments, risk treatment planning, and continuous control monitoring.
Maintain policy frameworks, standards, guidelines, and procedures.
Ensure timely closure of information security findings across the business
Manage compliance with industry regulations and BFSI-specific frameworks (e.g., PCI DSS, SOC 2, ISO 27017/18, ISO 27032, local data protection acts).
Track and report security posture, cyber risk exposure, key metrics, and compliance maturity to leadership.

Business Continuity & Resilience

Own and evolve the Cellulant’s Business Continuity Management System (BCMS).
Lead the development, review, and testing of BCPs, DR plans, and crisis management procedures.
Conduct Business Impact Analyses (BIAs) and risk assessments across critical business functions.
Coordinate and lead resilience exercises, tabletop simulations, and post-incident reviews.
Ensure alignment with ISO 22301 and BFSI resilience expectations.

Privacy & Data Protection

Support implementation of privacy-by-design and privacy-by-default controls.
Monitor compliance with relevant data protection and privacy laws (e.g., GDPR, regional data protection regulations).
Work closely with Legal & Compliance, Product, Engineering and HR teams to ensure personal data handling aligns with regulatory expectations and internal privacy policies.
Conduct Data Protection Impact Assessments (DPIAs) and privacy risk assessments.

Third-Party Risk & Vendor Security Assessments

Lead the end-to-end Third-Party Security Assessment process for new and existing vendors.
Assess third-party controls using industry frameworks (e.g., ISO 27001, NIST CSF, SOC 2, PCI DSS).
Review vendor security questionnaires, external audit reports, penetration test summaries, and data protection agreements.
Evaluate cloud, SaaS, managed services, and critical suppliers for compliance with BFSI security and privacy requirements.
Work with procurement/supply chain, legal, and business owners to ensure appropriate contractual security, data privacy/protection, business continuity clauses and risk mitigation measures are in place.
Maintain and track third-party risks, findings, and remediation activities.
Support periodic reassessments and ongoing monitoring for high-risk suppliers.

Security Awareness & Advisory

Provide expert GRC advisory support to cross-functional teams including IT, engineering, operations, legal, compliance and product.
Design and promote security and privacy awareness programs.
Support third-party risk assessments and vendor due diligence activities.
Act as an internal advocate for strong security, privacy, and resilience practices.

What We’re Looking For

5–8+ years of experience in Information Security, GRC, audit, privacy, or risk management roles.
Proven experience working in or supporting the BFSI sector, with strong understanding of industry regulatory, privacy, and security obligations.
Business Continuity Management hands-on experience, including running BIAs, maintaining BC/DR plans, and coordinating DR/BC exercises.
Deep familiarity with frameworks and standards such as: ISO 27001/27002, NIST CSF, PCI DSS, and SOC 2 and ISO 22301.

GDPR (EU), NDPA (Nigeria) and other global/regional data privacy laws

Strong understanding of cloud security principles (AWS).
Demonstrated experience producing documentation, process improvements, risk reports, and audit deliverables.
Experience working cross-functionally with technical and non-technical teams.

Preferred Certifications

One or more of the following (or equivalent):

Information Security: CISSP, CISM, SSCP, ISO 27001 Lead Implementer/Auditor
Business Continuity: CBCP, ISO 22301 Lead Implementer/Auditor
Privacy: CIPP/E, CIPM, CDPSE, ISO 27701 Lead Implementer/Auditor, certified DPO
Risk & Compliance: CRISC, CGEIT.

Key Competencies

Strong analytical and risk-based decision-making skills.
Excellent communication skills, including ability to influence at all levels.
High ownership, independence, and ability to operate as a senior individual contributor.
Strong documentation, organization, and stakeholder management capability.
Ability to manage multiple initiatives and work effectively under pressure.

Added Advantage

Strong technical background and understanding of secure software development practices
Strong understanding of microservice architecture
Technical skills e.g. software development, scripting, automation, AI in SecOps etc.

Why Work for Us?

At Cellulant, we are more than a payments company: we are bridge-builders. We believe that by simplifying the way people pay and get paid, we are connecting companies to their ambitions, people to opportunities, and Africa to the global economy. Our work goes beyond payments—it’s about what people, businesses, and communities can do when the movement of money becomes more dependable, seamless, and secure.

Some exciting things about us...

We have an extensive footprint: We have an office presence in 10 countries, and our products serve 24 countries across Africa, with a global workforce of about 300 employees.
We believe innovation is at the heart of Fintech: Thousands of market leaders and top enterprises trust our technology to power their payments. Our customers are in various sectors, including financial services, travel and hospitality, telecom, e-commerce, remittance companies, SaaS, and the gig economy.
We support a diverse and inclusive workforce: We focus on the growth and development of our employees through well-developed, individualised career paths, ensuring you reach your full potential in a supportive and delivery-oriented environment.
We put our employees first: At Cellulant, your contribution is rewarded competitively. We use clear career levels and role titles, and benchmark our base pay against data and a well-established internal process. Your actual salary will reflect your experience, skills, impact and the scope of the role, as well as our business needs and prevailing market conditions. We also offer generous personal time off, and medical and life insurance benefits (markets permitting).
We seek collaborative builders: At Cellulant, we believe that great ideas happen when we come together. Therefore, we nurture a collaborative work environment that challenges, engages, and empowers each person to contribute to the growth and success of the business.
We solve Africa's digital economy: We’re solving payment challenges on the continent to create opportunities and accelerate economic growth for all of Africa.