Platform Manager (Security)
Heirs Technologies
About Heirs Technologies
Heirs Technologies is the technology subsidiary of Heirs Holdings, Africa's leading investment holding company. We build world-class digital products and platforms that serve millions of Africans across the continent and diaspora.
About the Engagement
We are building a next-generation digital banking platform for one of Africa's largest financial institutions — a product built to serve 15 million users at launch, scaling to hundreds of millions across the continent and diaspora. This is a once-in-a-generation opportunity to work on infrastructure that will define how Africa transacts, saves, and grows.
The Role
The Platform Manager (Security) is the dedicated security authority for the platform — not a generic security function, but an embedded owner who lives inside the software factory. Reporting to the Cybersecurity Director and working hand-in-hand with the Platform Manager, you will sit at the intersection of platform engineering, DevSecOps, cybersecurity, legal, and vendor management. You will own the definition, implementation, and strict enforcement of the platform's security posture across every team, system, and workstream. On a platform handling the financial data of millions of Africans, the practical objective is not to make theft or compromise impossible — it is to ensure that any attempt is hard, incomplete, noisy, traceable, attributable, and commercially useless without the platform's cloud infrastructure, credentials, pipelines, and integrations.
What You'll Do
Security Standards & Governance — Define, enforce, and continuously improve the platform's end-to-end security standards, policies, and controls — covering encryption, identity, application security, network security, data protection, and compliance. Ensure every team, partner, and contributor operates within these standards at all times.
Identity & Access Management — Own the platform's IAM framework — including MFA enforcement for all human access, service-to-service authentication using short-lived tokens and managed identities, privileged access management (PAM), just-in-time elevation, session recording, and automatic expiry. Standing privileged access to production is prohibited without formal exception.
Source Code & Repository Integrity — Own the security of the platform's source-control environment end-to-end — including repository segmentation by domain, service, team, and access need; SSO and MFA enforcement across all contributors; branch protection on all critical branches with mandatory pull requests, CODEOWNERS approval, and peer review required; no direct commits to protected branches and no force-push permitted; secret scanning and push protection enabled across all repositories; and audit logs exported to SIEM. No developer or vendor has access to all repositories by default — access maps strictly to role, squad, and deliverable, and is reviewed at defined intervals.
Application Security — Own the platform's secure development lifecycle — ensuring security requirements are defined at design, not retrofitted at delivery. Govern SAST, DAST, SCA, and secrets detection gates across all CI/CD pipelines. No service may be promoted to production without passing every security gate.
Encryption & Data Protection — Enforce AES-256 encryption at rest and TLS 1.2+ in transit across all services. Own key management through Azure Key Vault and AWS KMS — including rotation schedules and access controls. Drive data classification, DLP enforcement, and protection of customer, payment, and authentication data across all environments.
Penetration Testing & Vulnerability Management — Commission and oversee penetration testing before every production launch and on a regular cadence thereafter. Own the vulnerability management process — ensuring all critical and high CVEs are tracked and remediated within agreed timelines. Critical findings must be resolved before go-live.
Regulatory Compliance — Own the platform's compliance posture across CBN guidelines, PCI DSS, and applicable data protection regulations in all operating markets. Manage data residency requirements, assess cross-border data transfers, and ensure compliance reviews are conducted periodically with regulatory changes tracked and incorporated on a timely basis.
Incident Response & Unified Monitoring — Own the platform's Incident Response Plan — covering detection, triage, containment, eradication, recovery, and post-incident review. Ensure critical incidents are escalated to senior management and relevant regulators within prescribed timelines. Establish and maintain a unified monitoring posture that correlates repository audit logs, endpoint DLP telemetry, identity and VPN logs, and CI/CD activity as a single control surface — fed into SIEM for continuous alerting and investigation. All production systems must be monitored 24/7 with alerts routing to an active SOC function.
Supply Chain & Container Security — Enforce security across the platform's software supply chain — including container image scanning (Trivy), runtime threat detection (Falco), and dependency vulnerability scanning (Snyk) integrated into every pipeline. No container may be deployed without passing security gates.
Insider Threat, Endpoint & Workforce Risk — Define and enforce developer workstation security requirements — including managed/compliant device standards for repository and cloud access, endpoint detection and response (EDR), disk encryption, OS patching, and device compliance. For high-risk contributors or sensitive workstreams, evaluate VDI or cloud-hosted development environments with download, clipboard, and USB controls. Implement insider-risk monitoring to detect and escalate abnormal behaviour — mass data downloads, unusual clone volume, privilege escalation, DLP violations, and access attempts after role change or termination. Ensure monitoring is privacy-aware, legally approved, and integrated with SIEM and SOC workflows.
Partner, IP & Third-Party Controls — Own security due diligence for all engineering partners and contractors — including contractual clauses covering IP assignment, confidentiality, data protection, right-to-audit, secure development, and incident notification. Ensure partner access is provisioned on a least-privilege basis, time-bound, reviewed at defined intervals, and revoked immediately upon exit. Enforce structured offboarding — access removal, device return, confirmation of no retained code or materials, and explicit reminder of IP and confidentiality obligations. Coordinate with Legal and HR on suspected IP infringement — ensuring evidence is preserved, incidents are triaged, and the appropriate enforcement or takedown process is followed.
Security Architecture Collaboration — Partner with the Enterprise Architect, Platform Manager, and engineering leads to ensure security is designed in from day one — not bolted on. Contribute security requirements at the design phase of every new service, feature, and integration.
Executive Reporting — Report regularly to the Cybersecurity Director on the platform's security posture, compliance status, incident activity, and risk profile. Represent the security function in key leadership forums and board-level discussions when required.
What We're Looking For
Must Have
8+ years of experience in information security or cybersecurity, including proven ownership of a security function in a large-scale, cloud-native, or financial services environment.
Deep expertise across the full security stack — identity & access management, encryption & key management, application security (SDLC, SAST, DAST, SCA), network security, DLP, and incident response.
Strong hands-on knowledge of cloud security on AWS and/or Azure — including native security services, IAM, private networking, zero-trust architecture, and cloud-native threat detection tools.
Demonstrated experience owning regulatory compliance in a financial services context — PCI DSS, CBN guidelines, or equivalent data protection and residency frameworks.
Experience designing and operating a Security Operations Centre (SOC) function — including 24/7 monitoring, SIEM integration, alert management, and incident escalation workflows.
Active security certification — CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) required.
Nice to Have
CSSLP (Certified Secure Software Lifecycle Professional) — highly relevant given the software factory focus of this role; and/or CCSP (Certified Cloud Security Professional) for cloud security depth.
AWS Certified Security – Specialty and/or Microsoft Certified: Security Operations Analyst Associate (SC-200) or Cybersecurity Architect Expert (SC-100).
Hands-on experience with container and supply chain security tooling — Trivy, Falco, Snyk, or equivalent.
Familiarity with IaC security scanning and policy enforcement — including reviewing Terraform, Ansible, and Bash-based provisioning scripts for misconfigurations, hardcoded secrets, and insecure defaults as part of CI/CD-integrated SAST workflows.
Experience implementing and operating insider threat monitoring programmes in a regulated financial services environment.
Familiarity with African regulatory frameworks — CBN guidelines, NDPR, and data residency requirements across multiple operating markets.
Compensation
Competitive and commensurate with experience. Details will be shared with shortlisted candidates.
What We Offer
Impactful work — you'll be the security authority for a platform handling the financial data of millions of Africans.
World-class team — you'll work alongside engineers, architects, and product thinkers from some of the best organisations on the continent and globally.
Modern ways of working — agile, equipped with best-in-class security tooling, and built on a dual-cloud (AWS + Azure) foundation.
Lagos, Nigeria — based at our Lagos office, at the heart of Africa's most dynamic technology ecosystem.
How to Apply
To apply, please use the link provided in the job posting. Applications are managed through our recruitment platform and reviewed on a rolling basis.
- ...build world-class digital products and platforms that serve millions of Africans across the... ...and grows. The Role The Platform Manager is the operational engine of this platform... ...every service ships through automated, security-gated pipelines with zero direct...
- ...build world-class digital products and platforms that serve millions of Africans across the... ...true for ours. The Role The IT Manager (Platform) is the operational backbone of... ...office network infrastructure, and the IT security controls that keep the team's work...
- ...Overview We're seeking a Senior Manager for Product and Platforms Programmes to oversee the planning, execution, and delivery of complex, cross-functional technology programs. This role ensures alignment with strategic objectives, manages risks, and drives stakeholder...
- ...Job title : Deputy Security Manager Job Location : Lagos Deadline : July 18, 2026 Quick Recommended Links Location: Gboko Plant, Gboko Plant, Nigeria Company: Dangote Industries Limited Job Summary Protection of life and properties of the company and daily...
- ...Job title : Power Platform Developer Job Location : Lagos Deadline : August 02, 2026... ...functionality Addressing and remediating security vulnerability findings in PowerAppsOwn... ...CD pipelines, environment and solution management, and release practices. Run code reviews...
- ...build world-class digital products and platforms that serve millions of Africans across the... .... The Role As Senior Network & Security Engineer, you will design, build, and operate... ...— working closely with the Platform Manager and Platform Manager (Security) to ensure...
- Requirements ~ Candidates should possess relevant qualifications and experience. Application Closing Date Not Specified. How to Apply Interested and qualified candidates should: Click here to apply online Share this job:
- ...help! As a leader of the Information Security function at Paystack, you will contribute... ...company to drive solutions that impact our platform for the good of Paystack and ultimately,... ...direction for Security Governance, Risk Management, and Compliance that aligns with the...
- ...Job title : Security Personnel Job Location : Lagos Deadline : July 30, 2026 Quick Recommended Links Monitor and secure the assigned... ...activities and report findings to the Security Supervisor or Management. Enforce company security policies, procedures, and safety...
- ...This is a remote position. The Security Lead is responsible for defining and executing the organization’s cybersecurity strategy, leading security architecture, managing risk, and ensuring compliance with global security standards. This role works closely with engineering...
- Qualifications ~ Interested candidate(s) should possess relevant qualifications and experience. Application Closing Date 9th July, 2026. How to Apply Interested and qualified candidates should send their CV and Cover Letter to: ****@*****.***...
- ...Job title : Analyst, Technology Security Operations Job Location : Lagos Deadline :... ...knowledge of Security Operation, Endpoint management, Network Security and Vulnerability management... ...Management Infrastructure and Platforms Support IT Applications IT Programme...
- ...Job title : Analyst, Cloud Security Operations Job Location : Lagos Deadline : July... ...Responsibilities Responsible for monitoring, managing, and enhancing the security of cloud-... ...), and other security controls in cloud platforms (e.g., AWS, Azure, GCP). Manage...
- ...high growth startups like Stripe, Vercel, Bolt, and many founders of their own companies. Overview The responsibilities of our Platform team include building and maintaining all backend services, including, but not limited to, payments, analytics, subscriptions, new...
- ...Job Summary We are seeking a responsible and vigilant Security Personnel to protect our premises, assets, and personnel. The ideal candidate will maintain a high level of visibility, prevent unauthorized access, and ensure the safety of staff and visitors through...
- Job title : Professional Security Officers Job Location : Lagos Deadline : August 02, 2026 Quick Recommended Links About job ~ Certified security personnel to secure factory assets.
- ...Job title : Security Personnel Job Location : Lagos Deadline : July 26, 2026 Quick Recommended Links Job Summary ~ We are looking for disciplined and reliable security officers to join our team. Requirements Good communication Physical fit and alert....
- ...Job title : OT Security Engineer Job Location : Lagos Deadline : August 02, 2026 Quick Recommended Links Department: IT Security... ...assessments. Implement monitoring controls. Support vulnerability management. Respond to OT security incidents. Ensure compliance...
- Job title : Security Guards Job Location : Lagos Deadline : July 09, 2026 Quick Recommended Links Interested applicant(s) should possess relevant qualifications and experience
- ...Job title : Head, IT Security Job Location : Lagos Deadline : July 26, 2026 Quick Recommended Links Job Objectives The Head of... ...monitoring evolving risks and establishing proactive defenses. Lead, manage, and mentor the IT security team to build a high-performing...
- ...Job title : Chief Security Officer Job Location : Lagos Deadline : August 02, 2026 Quick Recommended Links Description ~ The Chief Security Officer whose appointment shall be on contract basis shall be responsible for the overall security of lives and property...
- ...Job title : Security Officer Job Location : Lagos Deadline : July 18, 2026 Quick Recommended Links Description ~ We are seeking a vigilant, disciplined, and professional Security Officer to safeguard our people, assets, and premises. Requirements Minimum...
- ...About Job ~ Certified security personnel to secure factory assets. Application Closing Date Not Specified. How to Apply Interested and qualified candidates should forward their CV to: ****@*****.*** using the Job Title as the subject of the mail...
- Job title : Security Guards Job Location : Lagos Deadline : July 19, 2026 Quick Recommended Links Responsibilities Access control Patrol Documentation Reporting.
- ...Job title : Senior Application Security Engineer Job Location : Lagos Deadline : July 22, 2026 Quick Recommended Links Role Overview... ...standards, drive adoption across engineering teams, and manage a Security Champions programme. Advantageous: AppSec fundamentals...
- Job title : Network Security Operations Job Location : Lagos Deadline : August 01, 2026 Quick Recommended Links Interested applicant(s) should possess relevant qualifications and experience
- ...professionalism Coordinate intelligence and emergency response Requirements Proven leadership background (Military, Police, Security, Community Leadership, Civil Service, etc.) Clean integrity record (No criminal history, cultism, drug abuse or violence)...
- ...Job title : Chief Operating Officer (Private Security) Job Location : Lagos Deadline : July 26, 2026 Quick Recommended Links Job Summary... ...operational excellence, ensure high-quality service delivery, manage large-scale security operations, and support business growth....
- ...Job title : Team Lead Security Presales Engineer Job Location : Lagos Deadline : July 22, 2026 Quick Recommended Links Job Summary... ...to customers Work closely with the engineering and product management teams to understand new product features and enhancements...
- ...Job Summary The e-commerce manager’s primary objective is to increase conversion rates... ...and user experience for all on-line platforms Launch successful sales events through... ...optimization tactics, data mining, and security issues. What We Offer Competitive...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Platform Manager (Security). Be the first to apply!
