About Company:
Korapay is a payment infrastructure company serving a wide range of businesses making local and international payments. We are a marketplace for digital financial services across Africa. Our vision, which is at the core of what we do every day, is to create a world free of digital financial barriers across Africa. We are committed to delivering reliable, secure, and easy-to-use digital financial solutions to every single customer, with a guarantee that they improve our customers' lives.
Job Description:
Kora is seeking a methodical and strategic Cybersecurity GRC Analyst to join our security team. In this role, you will be the bridge between technical security controls and business objectives, ensuring our governance, risk, and compliance (GRC) programs are robust and effective. You will be responsible for maintaining our security policy framework, conducting rigorous risk assessments, and coordinating audits to ensure we remain compliant with global standards and local regulations.
The ideal candidate is a detail-oriented professional who can translate complex technical risks into clear business impacts while fostering a high-integrity security culture.
Requirements:
Governance & Policy Management
Framework Alignment: Develop and maintain information security policies and standards aligned with ISO 27001, NIST CSF, and CIS Controls.
Program Support: Support the implementation and monitoring of governance programs to ensure a unified security direction across the organization.
Awareness Training: Lead security awareness initiatives to promote a culture of proactive compliance and risk consciousness.
Risk Management & Assessment
Enterprise Risk: Conduct comprehensive risk assessments across applications, infrastructure, and vendors.
Risk Register: Maintain and update the organization’s central risk register, ensuring all potential threats are documented and prioritized.
Vendor Risk: Support third-party risk management (TPRM) processes to ensure partners meet our security standards.
Remediation Tracking: Monitor risk treatment plans and report on mitigation progress to the CISO and key stakeholders.
Compliance & Audit Coordination
Regulatory Compliance: Support compliance with industry requirements such as PCI DSS, SOC 2, and GDPR.
Audit Liaison: Coordinate internal and external audits, managing evidence collection and facilitating walkthroughs with auditors.
Gap Analysis: Perform control gap assessments and recommend actionable remediation steps to address audit findings.
Reporting: Assist in developing compliance dashboards and reports to provide management with visibility into the firm’s security posture.
Operational Support
Incident Compliance: Support incident response efforts from a regulatory and reporting perspective.
Control Testing: Assist in continuous monitoring and testing activities to ensure security controls remain effective over time.
Qualifications and Skills:
Education: Minimum of a Bachelor’s Degree in Cybersecurity, Information Technology, Law, or a related field.
Experience: 2–4 years of experience in cybersecurity GRC, IT risk management, compliance, or audit.
Technical Skills:
Standards: Strong understanding of ISO 27001, NIST, SOC 2, and PCI DSS.
Tools: Experience using GRC tools for tracking risks and compliance activities.
Methodologies: Hands-on experience with risk assessment methodologies and control frameworks.
Core Competencies:
Analytical Skills: Ability to assess complex environments and identify underlying risks.
Stakeholder Management: Excellent communication skills to interact with both technical teams and business leaders.
Documentation: Superior organizational skills with a focus on meticulous record-keeping.
Integrity: A high level of professionalism and ethical conduct.
Salary
Very attractive
Application Closing Date: Not specified
Job Information
Deadline: Not specified
Job Type: Full-time
Industry: Analyst
Work Level: Experienced
State: Not specified
Country: Nigeria