Information Security Governance Engineer

Governance & Policy

• Develop, review, and maintain information security policies, standards, procedures, and guidelines.
• Ensure alignment with recognized frameworks and standards (e.g. ISO/IEC 27001, PCIDSS, CBN Cybersecurity Framework).
• Define security governance structures, roles, and decision‑making processes.

Risk Management

• Support enterprise information security risk assessments and risk treatment plans.
• Maintain the security risk register and track remediation activities.
• Advise business units on risk acceptance, mitigation, transfer, or avoidance.

Compliance & Regulatory Assurance

• Ensure compliance with applicable laws, regulations, and contractual requirements (e.g. NDPR, CBN Cybersecurity Framework, PCI DSS, ISO 27001).
• Coordinate internal and external audits, assessments, and certifications.
• Track and remediate audit findings and compliance gaps.

Metrics, Reporting & Assurance

• Define and maintain security governance KPIs, KRIs, and dashboards.
• Prepare security posture reports for management, risk committees, and auditors.
• Support board‑level and executive reporting on information security matters.

Third‑Party & Vendor Security Governance

• Support third‑party security risk assessments and due diligence processes.
• Review supplier security controls and contractual security clauses.
• Monitor ongoing compliance of critical vendors.

Awareness & Continuous Improvement

• Support security awareness and policy training initiatives.
• Monitor regulatory changes and emerging governance trends.
• Drive continuous improvement of governance and control maturity.