Data Protection and IT Risk Control Officer at Credit Direct Limited

Credit Direct Limited is a non-bank finance company with its Head-Quarters in Lagos, Nigeria. The company was established in 2006 and is focused on providing Payroll based consumer loans to eligible individuals. The Company currently operates in 25 states in Nigeria including the Federal Capital Territory– Abuja. With a staff strength of over 1000 employees and an active customer base in excess of 300,000, Credit Direct Limited is positioning itself to become the dominant market leader in the unsecured micro-lending (payroll lending) space in Nigeria and indeed Sub-Saharan Africa.

Job Summary

Responsible for leading the internal audit function, ensuring the integrity and efficiency of financial and operational processes, and providing independent assurance that the organization’s risk management, governance, and internal control processes are operating effectively.

Job Details

Data Protection Compliance & Management:

• Develop and implement data protection policies and procedures in accordance with relevant regulations (e.g., GDPR, CCPA).
• Conduct regular assessments and audits to ensure compliance with data protection laws and internal policies.
• Handle data breach incidents, including investigation, reporting, and remediation.
• Ensure compliance with data protection laws and regulations.
• Perform regular audits to ensure compliance with data protection standards.
• Prepare reports for regulatory bodies and internal management.
• Address compliance gaps.
• Advise on data protection technologies.
• Provide expert advice on implementing secure IT systems.
• Collaborate with IT and other departments to develop and implement IT security policies and procedures.
• Conduct training sessions on data protection and IT security risks.
• Raise awareness about data security best practices among employees.
• Ensure that policies are communicated effectively and adhered to across the organization.
• Stay updated with the latest technologies and security trends.

IT Risk Assessment and Management:

• Identify, assess, and manage IT risks, including cybersecurity threats, data breaches, and system vulnerabilities.
• Develop and maintain an IT risk management framework and risk register.
• Monitor, evaluate and report on the effectiveness of existing IT controls and risk mitigation measures. Determine the impact of deficiencies on the operational and financial functions.
• Conduct audits in accordance with standards and a predefined audit plan.
• Perform audit tests and procedures, including the verification of specific information as requested by management.

Security Incident Management :

• Identify, assess, and manage IT risks, including cybersecurity threats, data breaches, and system vulnerabilities.
• Develop and maintain an IT risk management framework and risk register.
• Monitor, evaluate and report on the effectiveness of existing IT controls and risk mitigation measures. Determine the impact of deficiencies on the operational and financial functions.
• Conduct audits in accordance with standards and a predefined audit plan.
• Perform audit tests and procedures, including the verification of specific information as requested by management.

Regulatory Liaison & Audit Support:

• Serve as the point of contact for data protection authorities and other regulatory bodies.
• Ensure timely and accurate reporting to regulators as required. 
• Assist in the planning and execution of IT and data protection audits.
• Provide technical expertise and support during internal and external audits.
• Track and follow up on the implementation of audit recommendations related to IT and data protection.

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Law, or a related field.
• Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), or equivalent are highly desirable.

Experience:

• Minimum of 3- 5 years of experience in data protection, IT risk management, IT security, IT compliance or a related field.
• Experience in the financial services industry, particularly in consumer lending, is preferred. 
• Experience in managing IT risks and implementing IT security policies.
• Strong understanding of data protection regulations and IT risk management frameworks.
• Proficiency in technologies for data protection, security software, and risk assessment tools. 
• Knowledge of GDPR, CCPA, and other regulatory compliance software. 
• Experience with cloud security frameworks and IT infrastructure.

Technical:

• Data Analysis
• Financial Analysis 
• Forensic Auditing and Investigation
• Internal Auditing 
• Internal Control 
• IT Auditing 
• Quality Assurance 
• Regulatory Compliance
• Research
• Risk Management?

Behavioural:

• Entrepreneurial Mindset
• Excellence
• Execution
• Energy
• Empathy
• Evolution
• Emotional Intelligence
• Business Acumen
• Decision-Making
• Result Oriented
• Strategic Thinking
• Communication written & verbal
• Stakeholder Management
• Developing Others
• Analytical Thinking
• Leading Change
• Managing Risk
• Service Orientation

Method of Application

Signup to view application details. Signup Now