Senior Information Security Officer (Governance, Risk & Compliance)

Multigate is a financial services platform company that provides institutions with access to safe and secure

treasury and liquidity management systems. Founded in 2017, Multigate is focused on providing simplified

solutions that unravel the complex payment and cash management challenges encountered by enterprise

corporates in emerging markets.

Multigate is seeking to hire a highly experienced Senior Information Security Officer (GRC) to lead and manage the organization's Information Security Governance, Risk, and Compliance (GRC) functions. The successful candidate will be responsible for maintaining compliance with international standards, including ISO/IEC 27001 , ISO 22301 , and ISO 20000 , as well as ensuring adherence to the SWIFT Provider Security Program (SWIFT PSP) for service providers.

This role is critical in embedding security governance into business processes, ensuring that our organization meets all regulatory, contractual, and internal security requirements.

Duties/Responsibilities

Governance & Compliance:

• Develop, implement, and maintain the organization's information security governance framework.
• Oversee and manage compliance with ISO 27001 (Information Security), ISO 22301 (Business Continuity), and ISO 20000 (IT Service Management) standards.
• Ensure policies, procedures, and controls are aligned with industry best practices and business objectives.
• Lead the implementation and ongoing compliance with the SWIFT Customer Security Programme (CSP) for service providers, ensuring annual assessments and attestation requirements are met.

Risk Management:

• Identify, assess, and manage information security risks across the organization.
• Develop and maintain the organization's risk register and conduct regular risk reviews.
• Perform third-party risk assessments and support vendor risk management processes.
• Provide risk treatment plans and work with stakeholders to track mitigation progress.

Audit & Assurance:

• Coordinate and support internal and external audits, including ISO certifications and SWIFT compliance audits.
• Conduct regular internal compliance reviews, gap assessments, and control effectiveness testing.
• Track audit findings, non-conformities, and improvement actions to closure.

Policy & Awareness:

• Develop and maintain security policies, standards, procedures, and guidelines.
• Deliver security awareness training and education programs to promote a strong security culture across the organisation.

Stakeholder Engagement:

• Collaborate with IT, Legal, Risk, Operations, and other departments to embed security and compliance into processes and projects.
• Provide expert advice on security and compliance implications for business initiatives and technology changes.
• Report on GRC metrics and present risk and compliance status to senior leadership and governance forums.

Requirements

• 5 years proven experience in a senior information security role with a strong GRC focus.
• In-depth knowledge of ISO/IEC 27001, ISO 22301, and ISO 20000 standards, including leading audits or implementations.
• Practical experience with SWIFT CSCF/PSP compliance, particularly for service providers.
• Strong understanding of security frameworks and standards such as NIST, CIS Controls, and GDPR.
• Excellent communication and stakeholder management skills.
• Experience conducting risk assessments and managing risk treatment plans.
• Familiarity with GRC tools and risk management platforms.

Preferred Skill s

• Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CRISC, or similar.
• Experience in financial services or regulated industries.
• Knowledge of ITIL and service management processes.

Benefits

• Career development/Opportunities
• Office perks
• Working with amazing talents
• Role Autonomy