# Information Security Governance Engineer

**Company:** [Renmoney](http://jobs.workable.com/companies/2xKnWVQCw1utVmojgh5fMH.md)
**Location:** Lagos, Nigeria
**Workplace:** Hybrid
**Employment type:** Full-time
**Department:** Information Technology Security

[Apply for this job](http://jobs.workable.com/view/ac265b25-6804-47ef-9512-92b7016fcf79)

## Description

**Governance & Policy**

-   Develop, review, and maintain information security policies, standards, procedures, and guidelines.
-   Ensure alignment with recognized frameworks and standards (e.g. ISO/IEC 27001, PCI DSS, CBN Cybersecurity Framework).
-   Define security governance structures, roles, and decision‑making processes.

**Risk Management**

-   Support enterprise information security risk assessments and risk treatment plans.
-   Maintain the security risk register and track remediation activities.
-   Advise business units on risk acceptance, mitigation, transfer, or avoidance.

**Compliance & Regulatory Assurance**

-   Ensure compliance with applicable laws, regulations, and contractual requirements (e.g. NDPR, CBN Cybersecurity Framework, PCI DSS, ISO 27001).
-   Coordinate internal and external audits, assessments, and certifications.
-   Track and remediate audit findings and compliance gaps.

**Metrics, Reporting & Assurance**

-   Define and maintain security governance KPIs, KRIs, and dashboards.
-   Prepare security posture reports for management, risk committees, and auditors.
-   Support board‑level and executive reporting on information security matters.

**Third‑Party & Vendor Security Governance**

-   Support third‑party security risk assessments and due diligence processes.
-   Review supplier security controls and contractual security clauses.
-   Monitor ongoing compliance of critical vendors.

**Awareness & Continuous Improvement**

-   Support security awareness and policy training initiatives.
-   Monitor regulatory changes and emerging governance trends.
-   Drive continuous improvement of governance and control maturity.

## Requirements

-   Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
-   Minimum of 5–9 years’ experience in information security governance, risk, and compliance (GRC).
-   Hands-on experience implementing or managing security frameworks (e.g., ISO 27001, CBN Cybersecurity Framework, NDPR, PCI DSS).
-   Strong understanding of risk management methodologies and control frameworks.
-   Experience working with audits, compliance reviews, and regulatory requirements.
-   Familiarity with security tools and platforms supporting governance and compliance activities.
-   Experience in financial services, fintech, or telecommunications is an added advantage.
