H

Platform Manager (Security)

Heirs Technologies

Engineering & Technology

Today
New
Experience Level: Mid level Experience Length: 8 years Language Requirement: English Working Hours: Contract - 8 to 5

Job descriptions & requirements


About Heirs Technologies

Heirs Technologies is the technology subsidiary of Heirs Holdings, Africa's leading investment holding company, building world-class digital products and platforms serving millions of Africans across the continent and diaspora.


About the Engagement

We are building a next-generation digital banking platform for one of Africa's largest financial institutions, built to serve 15 million users at launch and scale to hundreds of millions across the continent and diaspora. This is a once-in-a-generation opportunity to work on infrastructure that will define how Africa transacts, saves, and grows.


The Role

The Platform Manager (Security) is the dedicated security authority for the platform, not a generic security function but an embedded owner living inside the software factory. Reporting to the Cybersecurity Director and working hand-in-hand with the Platform Manager, you sit at the intersection of platform engineering, DevSecOps, cybersecurity, legal, and vendor management. You own the definition, implementation, and strict enforcement of the platform's security posture across every team, system, and workstream. On a platform handling the financial data of millions of Africans, the goal isn't to make compromise impossible; it's to ensure any attempt is hard, incomplete, noisy, traceable, attributable, and commercially useless without the platform's infrastructure, credentials, pipelines, and integrations.


What You'll Do

  • Security Standards & Governance: Define, enforce, and continuously improve end-to-end security standards, policies, and controls covering encryption, identity, application security, network security, data protection, and compliance across every team and contributor.
  • Identity & Access Management: Own the platform's IAM framework, MFA for all human access, service-to-service authentication via short-lived tokens and managed identities, privileged access management, just-in-time elevation, session recording, and automatic expiry. Standing privileged access to production is prohibited without formal exception.
  • Source Code & Repository Integrity: Own security of the source-control environment end-to-end, repository segmentation by domain/team/access need, SSO and MFA across all contributors, branch protection with mandatory pull requests, CODEOWNERS approval and peer review, no direct commits or force-pushes to protected branches, secret scanning and push protection, and audit logs exported to SIEM. Access maps strictly to role and deliverable and is reviewed regularly.
  • Application Security: Own the secure development lifecycle, ensuring security is designed in, not retrofitted. Govern SAST, DAST, SCA, and secrets detection gates across all CI/CD pipelines. No service reaches production without passing every gate.
  • Encryption & Data Protection: Enforce AES-256 at rest and TLS 1.2+ in transit. Own key management through Azure Key Vault and AWS KMS, including rotation and access controls. Drive data classification, DLP enforcement, and protection of customer, payment, and authentication data.
  • Penetration Testing & Vulnerability Management: Commission penetration testing before every launch and on a regular cadence. Own vulnerability management, ensuring critical and high CVEs are tracked and remediated on agreed timelines. Critical findings must be resolved before go-live.
  • Regulatory Compliance: Own compliance posture across CBN guidelines, PCI DSS, and applicable data protection regulations in all operating markets, including data residency and cross-border transfer requirements.
  • Incident Response & Unified Monitoring: Own the Incident Response Plan (detection through post-incident review), escalating critical incidents within prescribed timelines. Maintain unified monitoring correlating repository logs, endpoint DLP telemetry, identity/VPN logs, and CI/CD activity, feeding SIEM for continuous alerting. All production systems monitored 24/7 with alerts routed to an active SOC.
  • Supply Chain & Container Security: Enforce container image scanning (Trivy), runtime threat detection (Falco), and dependency scanning (Snyk) in every pipeline. No container deploys without passing security gates.
  • Insider Threat, Endpoint & Workforce Risk: Define workstation security requirements (EDR, disk encryption, patching, compliance). Evaluate VDI/cloud-hosted dev environments with download/clipboard/USB controls for high-risk contributors. Implement insider-risk monitoring for abnormal behaviour (mass downloads, unusual clone volume, privilege escalation, post-termination access attempts), privacy-aware and integrated with SIEM/SOC.
  • Partner, IP & Third-Party Controls: Own security due diligence for partners and contractors, contractual IP/confidentiality/data protection/audit clauses, least-privilege time-bound access reviewed regularly and revoked on exit. Enforce structured offboarding and coordinate with Legal/HR on suspected IP infringement.
  • Security Architecture Collaboration: Partner with the Enterprise Architect, Platform Manager, and engineering leads so security is designed in from day one for every new service, feature, and integration.
  • Executive Reporting: Report regularly to the Cybersecurity Director on security posture, compliance, incidents, and risk. Represent the security function at leadership and board level as required.

What We're Looking For

Must Have

  • 8+ years in information security or cybersecurity, with proven ownership of a security function in a large-scale, cloud-native, or financial services environment
  • Deep expertise across the full security stack: IAM, encryption/key management, application security (SDLC, SAST, DAST, SCA), network security, DLP, and incident response
  • Strong hands-on cloud security knowledge on AWS and/or Azure, including native security services, IAM, private networking, zero-trust architecture, and cloud-native threat detection
  • Demonstrated experience owning regulatory compliance in financial services (PCI DSS, CBN guidelines, or equivalent)
  • Experience designing and operating a SOC function, including 24/7 monitoring, SIEM integration, alert management, and incident escalation
  • Active CISSP or CISM certification required

Nice to Have

  • CSSLP and/or CCSP certification
  • AWS Certified Security, Specialty and/or Microsoft SC-200 or SC-100
  • Hands-on experience with container and supply chain security tooling (Trivy, Falco, Snyk)
  • Familiarity with IaC security scanning (Terraform, Ansible, Bash) for misconfigurations, hardcoded secrets, and insecure defaults
  • Experience implementing insider threat monitoring in regulated financial services
  • Familiarity with African regulatory frameworks: CBN guidelines, NDPR, and data residency requirements

Compensation

Competitive and commensurate with experience. Details shared with shortlisted candidates.

What We Offer

  • Impactful work: be the security authority for a platform handling the financial data of millions of Africans
  • World-class team: work alongside engineers, architects, and product thinkers from top organisations across the continent and globally
  • Modern ways of working: agile, best-in-class security tooling, dual-cloud (AWS + Azure) foundation
  • Based at our Lagos office, at the heart of Africa's most dynamic technology ecosystem

How to Apply

Apply via the link in the job posting. Applications are managed through our recruitment platform and reviewed on a rolling basis.


<

Important safety tips

  • Do not make any payment without confirming with the Jobberman Customer Support Team.
  • If you think this advert is not genuine, please report it via the Report Job link below.

This action will pause all job alerts. Are you sure?

Cancel Proceed

Similar jobs

Lorem ipsum

Lorem ipsum dolor (Location) Lorem ipsum Confidential
3 years ago

Stay Updated

Join our newsletter and get the latest job listings and career insights delivered straight to your inbox.

v2.homepage.newsletter_signup.choose_type

We care about the protection of your data. Read our

We care about the protection of your data. Read our  privacy policy .

Follow us On:
Get it on Google Play
2026 Jobberman

Or your alerts