Security Governance, Risk & Compliance (GRC) Analyst
Description
Job Summary
To protect Credit Direct Limited's information assets, technology infrastructure, and customer data by implementing and sustaining a robust security compliance framework. The role is responsible for continuous security monitoring, compliance testing, proactive threat modelling, and coordinating incident response, ensuring the organisation remains resilient against evolving cyber threats and fully aligned with applicable regulatory obligations including the CBN Cybersecurity Framework, NDPR/NDPA, PCI-DSS, and ISO 27001.

Security Compliance Monitoring
Design, implement, and manage a continuous security compliance monitoring programme covering network, application, endpoint, and cloud environments.
Monitor compliance with the CBN Cybersecurity Framework, NDPR/NDPA, ISO 27001, PCI-DSS, and other applicable standards.
Develop and maintain compliance dashboards and real-time alerting mechanisms for security control deviations.
Conduct periodic compliance assessments against regulatory baselines and internal security policies.
Track remediation of identified compliance gaps and report status to the Head of Systems Audit & Security Compliance.
Maintain an up-to-date register of all applicable security regulations, frameworks, and control obligations.
Liaise with regulators, external auditors, and certification bodies on compliance reviews and audit exercises.

Security Testing
Plan, coordinate, and execute regular security testing activities including vulnerability assessments, penetration testing, and red team exercises.
Conduct application security testing (SAST/DAST) on Credit Direct's digital platforms, APIs, and mobile applications.
Perform configuration reviews of network devices, servers, cloud infrastructure, and identity management systems.
Validate security controls effectiveness through structured control testing and evidence-based assurance.
Manage relationships with third-party penetration testing vendors and review their deliverables for quality and completeness.
Track, prioritise, and drive remediation of vulnerabilities identified through testing activities.
Produce detailed security testing reports with risk-rated findings and actionable recommendations.

Threat Modelling
Develop and maintain a structured threat modelling programme using industry frameworks (STRIDE, MITRE ATT&CK, PASTA).
Conduct threat modelling exercises for new products, platforms, system changes, and third-party integrations prior to deployment.
Identify attack vectors, threat actors, and potential impact scenarios relevant to Credit Direct's business model and technology stack.
Produce threat landscape reports and advisories for consumption by IT, Product, and Senior Management.
Map identified threats to existing controls and identify control gaps requiring remediation.
Maintain and update the organisation's threat register in alignment with the evolving Nigerian and global cyber threat environment.
Collaborate with IT Architecture and Product Development t
Skills