Cellulant is a mobile commerce and content company that manages, delivers and bills for digital content and commerce services actualized over telecom networks. The industry defines this segment as mobile Value Added Service (VAS) or Wireless Premium Rate Service Provider (PRSP). We are a member company of the Cellulant group, which has commercial services running in Kenya, Ghana, Malawi, Nigeria, Zambia, South Africa, Uganda, Botswana and the EU. Cellulant Nigeria has rolled out innovative and top-class business and technology solutions to banks, multinational companies like Guinness Nigeria Plc (being its technology partner in the 'Guinness Greatest Eleven Nigerian football legend'), the Pepsi-sponsored FIFA U-17 football tournament hosted by South Korea, Procter and Gamble (P&G), Nigerian Breweries, automobile giants like Toyota Nigeria Limited, fast-moving consumer goods (FMCG) companies like Unilever, Mr. Biggs and a host of other companies like Promasidor, Smithline and Beechams SKG etc.
Role Overview:
- We are seeking a highly skilled and experienced Information Security Governance, Risk & Compliance (GRC) professional to join our team as a senior individual contributor. This role is responsible for driving the organization's information security, privacy, cyber risk management, and business continuity standards in alignment with global best practices and regulatory requirements.
- The ideal candidate will bring extensive experience within BFSI (Banking, Financial Services & Insurance) environments and have strong technical understanding of information security frameworks, cybersecurity regulatory compliance, business continuity management, and data privacy obligations.
What You’ll Do:
Governance, Risk & Compliance
- Develop, maintain, and enhance the Information Security Management System (ISMS) based on ISO 27001/27002 or equivalent standards.
- Conduct enterprise-wide information security risk assessments, risk treatment planning, and continuous control monitoring.
- Maintain policy frameworks, standards, guidelines, and procedures.
- Ensure timely closure of information security findings across the business.
- Manage compliance with industry regulations and BFSI-specific frameworks (e.g., PCI DSS, SOC 2, ISO 27017/18, ISO 27032, local data protection acts).
- Track and report security posture, cyber risk exposure, key metrics, and compliance maturity to leadership.
Business Continuity & Resilience
- Own and evolve Cellulant’s Business Continuity Management System (BCMS).
- Lead the development, review, and testing of BCPs, DR plans, and crisis management procedures.
- Conduct Business Impact Analyses (BIAs) and risk assessments across critical business functions.
- Coordinate and lead resilience exercises, tabletop simulations, and post-incident reviews.
- Ensure alignment with ISO 22301 and BFSI resilience expectations.
Privacy & Data Protection
- Support implementation of privacy-by-design and privacy-by-default controls.
- Monitor compliance with relevant data protection and privacy laws (e.g., GDPR, regional data protection regulations).
- Work closely with Legal & Compliance, Product, Engineering and HR teams to ensure personal data handling aligns with regulatory expectations and internal privacy policies.
- Conduct Data Protection Impact Assessments (DPIAs) and privacy risk assessments.
Third-Party Risk & Vendor Security Assessments
- Lead the end-to-end Third-Party Security Assessment process for new and existing vendors.
- Assess third-party controls using industry frameworks (e.g., ISO 27001, NIST CSF, SOC 2, PCI DSS).
- Review vendor security questionnaires, external audit reports, penetration test summaries, and data protection agreements.
- Evaluate cloud, SaaS, managed services, and critical suppliers for compliance with BFSI security and privacy requirements.
- Work with procurement/supply chain, legal, and business owners to ensure appropriate contractual security, data privacy/protection, business continuity clauses and risk mitigation measures are in place.
- Maintain and track third-party risks, findings, and remediation activities.
- Support periodic reassessments and ongoing monitoring for high-risk suppliers.
Security Awareness & Advisory
- Provide expert GRC advisory support to cross-functional teams including IT, engineering, operations, legal, compliance and product.
- Design and promote security and privacy awareness programs.
- Support third-party risk assessments and vendor due diligence activities.
- Act as an internal advocate for strong security, privacy, and resilience practices.
What We’re Looking For
- 5–8+ years of experience in Information Security, GRC, audit, privacy, or risk management roles.
- Proven experience working in or supporting the BFSI sector, with strong understanding of industry regulatory, privacy, and security obligations.
- Hands-on Business Continuity Management experience, including running BIAs, maintaining BC/DR plans, and coordinating DR/BC exercises.
- Deep familiarity with frameworks and standards such as ISO 27001/27002, NIST CSF, PCI DSS, SOC 2 and ISO 22301.
- GDPR (EU), NDPA (Nigeria) and other global/regional data privacy laws.
- Strong understanding of cloud security principles (AWS).
- Demonstrated experience producing documentation, process improvements, risk reports, and audit deliverables.
- Experience working cross-functionally with technical and non-technical teams.
Preferred Certifications
One or more of the following (or equivalent):
- Information Security: CISSP, CISM, SSCP, ISO 27001 Lead Implementer/Auditor
- Business Continuity: CBCP, ISO 22301 Lead Implementer/Auditor
- Privacy: CIPP/E, CIPM, CDPSE, ISO 27701 Lead Implementer/Auditor, certified DPO
- Risk & Compliance: CRISC, CGEIT.
Key Competencies
- Strong analytical and risk-based decision-making skills.
- Excellent communication skills, including ability to influence at all levels.
- High ownership, independence, and ability to operate as a senior individual contributor.
- Strong documentation, organization, and stakeholder management capability.
- Ability to manage multiple initiatives and work effectively under pressure.
Added Advantage
- Strong technical background and understanding of secure software development practices.
- Strong understanding of microservice architecture.
- Technical skills, e.g. software development, scripting, automation, AI in SecOps.