Information Security Manager

Duplo is a Lagos-based fintech startup that enables businesses in Africa automate their spend management, simplify cross-border payments, and control business finances all on one platform.

We want to make B2B payments as simple as P2P payment apps. Most business payments in Africa are made offline….yikes. We are on a mission to transform this. We are backed by top investors including Tribe Capital, Commerce Ventures, Liquid2 Ventures, My Asia VC, Soma Capital, YCombinator, Oui Capital, and others.

This is a unique opportunity. You'll have the responsibility and resources to take a significant part in the creation of a paradigm-changing product that will impact millions.

Responsibilities:

Strategic Leadership & Governance

• Define and lead the strategic direction of our Information Security program in alignment with the Board-approved policies.
  
  


• Oversee the design and execution of enterprise-wide cybersecurity strategies to protect critical business information systems and assets.
  
  


• Develop and maintain an information security governance framework, ensuring appropriate accountability, risk management, and compliance with applicable laws and regulations.
  
  

Operational & Budgetary Management

• Direct and manage the security operations, including security architecture, vulnerability management, identity & access management, incident response, and threat intelligence.
  
  


• Administer the information security budget, optimizing investments in tools, resources, and staff to support ongoing protection efforts.
  
  

Regulatory & Risk Management

• Monitor and interpret national and global regulatory developments, cyber threats, and trends to proactively enhance our security posture.
  
  


• Serve as the liaison with the CBN, law enforcement, and other regulatory agencies on security-related matters, including audits and compliance reporting.
  
  


• Ensure compliance with CBN guidelines, NDPR, GDPR (where applicable), ISO 27001, PCI-DSS, and other security frameworks or standards.
  
  

Program Development & Implementation

• Develop and continuously improve a comprehensive information security program, encompassing: Risk assessments and management, Data protection and encryption policies, Security awareness training ,Incident detection and response plans and Vendor risk management
  
  


• Lead information security planning across all business areas, including administrative, legal, financial, and technology functions.
  
  

Stakeholder Communication & Awareness

• Report regularly to senior management and the Board on the status of the information security posture, risk exposure, mitigation actions, and resource needs.
  
  


• Drive a culture of cybersecurity awareness throughout the organization via continuous education and engagement.
  
  


• Collaborate with other business units to integrate security considerations into project planning and digital innovation initiatives.
  
  

Technical & Professional Requirements

• Minimum of 10 years post-qualification experience, with:
  
  
  
  
  • At least 5 years in a senior management position
    
  
  
  • At least 5 years in an IT security or audit role
    
    
  
  
  
  


• Strong knowledge of banking regulations, especially CBN Guidelines related to information and cybersecurity.
  
  


• Experience in leading incident response and crisis communication efforts.
  
  


• Familiarity with core banking systems, payment platforms, and financial technology infrastructures.
  
  


• Proven ability to build and lead high-performing security teams.
  
  


• Effective communication skills to convey complex security topics to non-technical stakeholders.
  
  


• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related fields.
  

• Professional Certifications in at least one of the following:
  
  
  
  • Certified Information Systems Auditor (CISA)
    
    
  
  
  • Certified Information Security Manager (CISM)
    
    
  
  
  • Certified Information Systems Security Professional (CISSP)
    
    
  
  
  • ISO/IEC 27001 Lead Implementer or Lead Auditor
    
    
  
  
  • Other relevant IT security/audit certification