Cybersecurity Governance & Risk Analyst (Jnr)
at Kora
Job-Type: Remote | Location: Lagos, Nigeria | Industry: Information Security
Description
Kora is a payment infrastructure for Africa. We offer plug-and-play payment solutions for businesses to launch a tailored payment experience for their customers. At the front and center of what we do every day, we are creating a future void of digital financial barriers across Africa. We are committed to delivering secure, reliable, and easy-to-use digital financial solutions to customers with a guarantee that they are improving their lives.
To achieve this mission, we need people like you. We value positive energy and clear communication and are committed to building an inclusive environment for people from every background. We strongly believe in our ability to find Water in the Desert and pick the Sands in the Ocean.
About the role
This is a high-impact, collaborative role responsible for driving outcomes within the Information Security team. You would be working with relevant stakeholders across the different teams within the organization to implement Information Security standards and ensure the organization maintains compliance with industry standards and regulatory requirements.
- As a Cyber Security Governance & Risk Analyst at Kora, you will be responsible for protecting the organization’s information systems and data, by setting policies, monitoring compliance, and following defined procedures to identify, assess and manage risks from external and internal threats, all guided by the organization’s view of risk.
- This position is responsible for overseeing the risk management process and contributing to the resolution of complex issues by working with risk owners, general business managers, or colleagues in other departments such as Engineering, to manage policies and risks in the context of the organization’s high-level objectives and values.
- The ideal candidate has technical knowledge and expertise that will help define and implement robust security strategies, frameworks, and governance processes.
- Reporting Relationships & Stakeholder Engagement: Report to the CISO and work as part of the busy Cybersecurity Governance unit and the Information Security Team.
- Work collaboratively with other Cybersecurity Governance & Risk Analysts, our CISO (Chief Information Security Officer), Engineering, Product Management, Product Design, Marketing, HR, and Compliance to ensure that compliance with industry standards and regulatory requirements is carried out in a professional, timely manner.
- Strong working relationship with Managing Team / Directors / Team Leads around the business.
Requirements
What you’ll be doing
- Collaborate with other members of the Information security team to perform risk assessment and recommend changes to procedures and systems to comply with global Information security standards
- Collaborate with other members of the Information security team to provide a review of the organization’s ability to protect its information assets and its preparedness against cyber threats
- Ensure required Information Security policies and procedures are reviewed and updated in line with the Management System Standards
- Carry out periodic internal reviews/audits to ensure that documented IT and cybersecurity procedures are followed.
- Ensure that the organization complies with legal and regulatory requirements
- Evaluate the security posture of third-party vendors and work with them to meet security requirements
- Monitor and enforce compliance with Information Security policies and procedures according to PCI DSS regulatory standards
- Work together with other members of the team to ensure the organization maintains its PCI DSS and ISO 27001 certifications
- Work together with cross-business units to manage policies and risks in the context of the organization’s objectives and values.
- Other duties as assigned by the CISO.
What you’ll need
- Minimum of 1-2 years' experience as a Cyber Security Governance & Risk Analyst.
- Minimum of a Bachelor’s degree certificate
- ISO/IEC 27001/27017/27032 Lead Implementer certification is desirable
- Excellent verbal and written communication, especially in producing formal documents that are comprehensive and without ambiguities
- Ability to assess the likelihood (taking account of vulnerabilities and threats) and impact of cyber-attack techniques and deliberate or unintentional damaging actions by people within the organization
- Ability to present logical, objective reasons for all decisions made
- Ability to encourage and support colleagues, including those in other departments, to achieve shared objectives
- Ability to work effectively within organizational policies, procedures, and security & legal constraints
- Experience in applying risk management methodologies
- Ability to assess the compliance of procedures and practice with agreed standards
- Problem-solving and analytical skills.
- Self-motivated individual who is adaptive to change.
- Finally, you live and breathe security: you have bags of energy, you obsess about security & trust, and you are passionate about it!
Interview Process
Below is the interview process you can expect for this role. It may look like a lot of steps, but rest assured that we move quickly and the steps are designed to help you get the information needed to determine if we’re the right fit for you… Interviewing is a two-way street, after all!
We expect the interview process to take a maximum of 3 weeks and an average of 2.5 hours in total. Please note that the interview is virtual.
👋 Introduction Stage – we have initial conversations to get acquainted with you and your overall experience.
[15m] Recruiter Screen – Abayomi Ishmael
Feedback from the Recruiter (Abayomi Ishmael)
🧑‍💻 [60m] Team Interview Stage (Information Security team) – We proceed to explore your professional experience in greater detail, assess your technical depth, and facilitate introductions to team members, including those from various cross-functional areas.
[60m] Cultural Fit Interview (Our Core Values) – At this stage, you’ll engage in a conversation with Kora’s COO, the Head of People and Culture, and the head of the team you’re being considered for. The aim is to understand you better and assess the alignment of your beliefs and values with Kora’s distinctive culture. We’d like to emphasize that there are no right or wrong answers expected. However, we encourage you to maintain a positive attitude during this session.
Please note that you are welcome to ask questions and inquire during this process. We assure you of complete transparency throughout the interview process.
Working hours
Given that we are an all-remote company and hire almost anywhere in the world, we don’t have a location requirement for this role. However, your working hours must coincide with 9:00 am – 5:00 pm WAT for at least 40 hours/week.
Equal Opportunity Employer
Kora is an equal opportunity employer dedicated to building an inclusive and diverse workforce. All employment decisions are based on qualifications, experience, and business needs. We strongly encourage applications from underrepresented communities and diverse ethnic groups.
If you need any accommodations to facilitate your participation in the recruitment process, please feel free to inform us. Any details you share will be used solely to ensure we can support and accommodate your needs appropriately.
Benefits
- Health insurance
- Sponsored and tailored training
- Paid parental Leave
- Paid time-off
- Flexible work style
- Annual performance bonus
- Low-interest loans
- Employee assisted programs
- Day off on your birthday
- Employee resource groups that provide supportive communities within Kora
- Great company culture and the opportunity to work with a highly collaborative team building something great!
Note: We recognize imposter syndrome is real – any candidate who does not perfectly fit every characteristic of this role is still strongly encouraged to apply.