GRC hiring and salary signals

A Lagos fintech is no longer hiring one person to write policies and another person to watch alerts. One recent posting asked for an Information Security Officer who can do governance, risk, and compliance work and also run hands-on security operations with Splunk, incident response, access control, and vulnerability assessment. (jobmeter.app) That same role wanted International Organization for Standardization 27001 and National Institute of Standards and Technology experience in one seat. In plain English, the company wants someone who can both draw the security map and patrol the building. (jobmeter.app) A second Lagos posting showed the money side of the same trend. MPI Africa advertised an Internal Auditor role in Lagos at 1,000,000 naira a month for someone focused on internal controls, risk management, governance, compliance, and operational audit. (jobmeter.app) That salary marker matters because internal audit used to look like a back-office checklist job in many firms. The posting describes it instead as a role that strengthens accountability across the group and its subsidiaries, which is closer to how listed-company control teams are framed in mature markets. (jobmeter.app) The background is regulation. Nigeria’s Data Protection Act 2023 created a national legal framework for personal-data handling and set up the Nigeria Data Protection Commission, which means fintechs now face more formal scrutiny over how customer information is collected, stored, and shared. (placng.org) The banking side tightened too. The Central Bank of Nigeria issued risk-based cybersecurity frameworks for financial institutions in 2022 and for deposit money banks and payment service banks in 2024, pushing firms toward documented controls, incident reporting, and tested security programs instead of informal practices. (pavestoneslegal.com, mondaq.com) That is why one Lagos employer now wants vendor-risk style work and audit support in the same security job as security event monitoring. The person in the chair has to explain controls to auditors, prove them to regulators, and still respond when the alarm goes off at 2 a.m. (jobmeter.app) This is not one isolated ad. Other Lagos listings now bundle International Organization for Standardization 27001, National Institute of Standards and Technology, Payment Card Industry Data Security Standard, third-party risk, and Security Operations Centre tooling into the same hiring brief, especially in finance and payments. (myjobmag.com, jobberman.com, ng.indeed.com) Even the pure security-operations jobs are starting to absorb compliance language. A Lagos banking role for a Lead Cybersecurity Operations Specialist at 900,000 to 1,200,000 naira asked for Security Information and Event Management, Security Orchestration Automation and Response, threat hunting, and familiarity with International Organization for Standardization 27001, National Institute of Standards and Technology, Nigeria Data Protection Act, and Payment Card Industry Data Security Standard. (jobberman.com) The practical message for candidates is simple. The market is paying a premium for people who can move between policy documents, audit evidence, third-party reviews, and live incident handling without needing a handoff every time the work changes. (jobmeter.app, jobmeter.app, myjobmag.com)