Cyber Security Consultant

About ProtocolClear

ProtocolClear is an independent, principal-led consultancy in security, privacy, AI governance, and compliance. We deliver security and compliance engagements to regulated-industry clients and we run an in-house Lagos team. This role exists so delivery can be handed off to a capable senior practitioner, with the founder overseeing quality. Security made clear is the standard every deliverable must meet.

About the role

This is a salaried security delivery consultant role, distinct from our annotation roles. You will run and contribute to client security engagements alongside the privacy and compliance consultant, and you will take on internal and other work when not on client delivery. You will perform security architecture reviews, cloud security assessments, risk assessments, and compliance framework consulting across SOC 2, ISO 27001, NIST (CSF and 800-53 and 800-171), CMMC, NYDFS, and HIPAA, and you will advise on security control implementation. You will be client-facing: explaining findings, prioritizing remediation, and guiding clients to defensible outcomes. The founder oversees delivery and supplies direction, and over time you carry more of the engagement load directly.

The standard your work is held to

Your work is held to a professional consulting standard: findings must be accurate, evidence-based, and defensible to a client's auditor, board, or regulator. A security recommendation must be correct and implementable, not generic. A compliance gap finding must map to the specific framework control and to a real, prioritized remediation. You are expected to tell a client what is actually wrong and what to do about it, in plain terms, without overstating risk to sell work or understating it to avoid a hard conversation. You own the quality of what leaves your hands. Certifications are verified before hire, and your delivery is expected to match the credentials you hold.

What you will do

• Conduct security architecture reviews and identify design weaknesses with concrete fixes.
• Perform cloud security assessments (configuration, identity and access, network, data protection) across major cloud platforms.
• Run risk assessments and translate them into prioritized, business-aware remediation plans.
• Lead and support compliance engagements for SOC 2, ISO 27001, NIST CSF and 800-53 and 800-171, CMMC, NYDFS, and HIPAA, including gap analysis, control mapping, evidence collection, and audit readiness.
• Design and advise on security control implementation.
• Write clear findings and present them to technical and non-technical stakeholders.
• Work alongside the privacy and compliance consultant on shared engagements.
• Carry internal security work when not on billable client delivery.

What we are looking for (required)

• Genuine hands-on security and GRC delivery experience, not only study, with client-facing or internal advisory work behind you.
• Professional-level security certifications, verified before hire (see accepted issuers in the process below).
• Working command of at least one major compliance framework and familiarity with several of SOC 2, ISO 27001, NIST, CMMC, NYDFS, and HIPAA.
• Practical cloud security knowledge.
• The ability to run a risk assessment and produce a prioritized remediation plan.
• Clear written and verbal communication, including explaining a control to a non-technical client.
• Sound judgement on what matters most.
• Willingness to have certifications and references verified as part of hiring.

Nice to have (preferred)

• Senior certifications such as CISSP, CISM, or CCSP, and ISO 27001 Lead Implementer or Lead Auditor from an accepted body.
• Cloud security certifications (for example AWS Security Specialty, Azure SC-200 or AZ-500).
• CISA or CRISC for the audit and risk track.
• Experience preparing organizations for SOC 2 or ISO 27001 audits.
• Familiarity with GRC platforms (for example Vanta, Drata, OneTrust).
• Experience in a regulated sector (banking, fintech, healthcare).
• Exposure to AI governance or AI risk frameworks.

Compensation

The structure is roughly 80% fixed base and 20% variable, with the variable profit-gated and tied to collected client revenue and delivery quality. The monthly total sits in a mid-to-senior Lagos professional band, about ₦450,000 to ₦950,000 per month depending on seniority, certification load, and delivery responsibility. Stronger credentials and a heavier delivery role place you higher in the band.

How we work

We verify certifications before the AI interview for certification-gated roles, and we verify references. We hold client data under NDA and inside approved systems. We work to deadlines and we document. Delivery quality is overseen by the founder and, along with collected revenue, is the basis of the variable component. A score below 4 in screening is an automatic decline, and any cheating or AI-use flag in the process is an automatic decline.

<