Security GRC Officer at Paystack

As a member of the security team, you will contribute to the Security Organization by presenting your technical expertise with a balanced approach to communication and a bias for action. You will be required to work with a team of information security professionals, other teams within Paystack, and Paystack's customers to map out and effect change across Paystack’s information security landscape. You will leverage your experience across various tools and processes to establish policies and standards across the company.

Key responsibilities

The responsibilities of a security analyst (GRC) at Paystack include:

• Contributing to establishing strategic information security objectives across Paystack.
• Contributing to the strategic direction for Security Governance, Risk Management, and Compliance that align with overarching Security objectives of the company
• Understanding the unique challenges of securing the Paystack platform across different markets and demographics
• Identifying control gaps and testing the design of existing controls
• Determining risk management controls and recommending improvements to company-wide controls
• Ability to work effectively with a team to execute various security projects, evaluate controls and plan around solutions
• Ability to communicate effectively
• Ability to own and manage portions of the security program and provide consistent status updates to Security Leadership regarding progress against objectives
• Raise accountability by escalating issues in a timely manner and creating and maintaining detailed documentation
• Stay up-to-date with trends in the information security community
• Operate with a sense of ownership, urgency, and drive
• Ability to distill controls across multiple regulatory requirements and frameworks for visibility into defence mechanism, strengths and gaps
• Contribute to the development of our Internal vendor risk management program; this involves working with vendors and partners to ensure they have appropriate controls in place
• Documenting exceptions to establish security policies, guidelines and standards; ensuring exceptions are reviewed periodically
• Collaborate on internal communications for information security messaging for the enterprise.
• Work with security leadership to develop a strategy for security training and awareness programs.

Required

• Experience with information security governance, risk and compliance experience for a global organization (preferably with reliance on cloud computing)
• Experience developing and publishing company-wide policies, standards, and other governance documents
• Experience in implementing industry standards frameworks/regulations such as Secure Controls Framework (SCF), ISO 27001, NIST Cybersecurity Frameworks, Business Continuity (as it aligns with ISO22301)
• Ability to manage and prioritize multiple tasks and projects and assist/advise your team in establishing appropriate priorities
• Ability to manage key customer relationships, including with senior management across business units
• Ability to influence a cross-functional and cross-business unit team to accomplish goals
• Excellent analytical skills and ability to learn quickly
• Excellent written and verbal communication skills