Job Title: Technical GRC Consultant (Mid Level)
Location: Lagos and Abuja
Our client is a leading IT Governance, Risk and Compliance (GRC) Consulting and Capacity Building firm in Africa. With a presence in 9 African countries and accreditation to 2 global best practice standards (ISO 27001 global Information Security standard and ISO 9001 global Quality Management Standard) as well as being a Qualified Security Assessor (QSA) for the Payment Card Industry Data Security Standard (PCI DSS), we are in a class of our own.
MAIN PURPOSE OF THE JOB
The purpose of this position is to develop, design and own technical solutions on the company’s platform. We expect you to contribute with your expertise in administration, application development, maintenance and technical support. The ideal candidate would be agile, with the ability to perform duties independently under general, minimal supervision within specific assignments.
• Be a key part of GRC projects, end to end from consulting to implementation
• Apply GRC fundamentals incorporated in various processes.
• Understand and document information systems and processes correctly.
• Engage with clients to understand relevant solutions and advise them
• Understand information security controls and how they relate to engagement requirements.
• Raise awareness for clients and internal team around GRC.
• Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Execute a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors
• Bachelor’s degree in an IT-related discipline
• Working knowledge of frameworks, standards and regulations, including PCI, ISO 27001/22301/VAPT
• Possession of valid ISO 27001/22301/CEH certifications.
• Possession of ISO 9001, CISA, CISM, CISSP would be an advantage
• 3-5 years of experience in an information systems environment, with strong knowledge of IT Governance and Systems Information Security.