Verified Employer Hiring Fast Featured Role

Platform Manager (Security)

Heirs Technologies verified
flag
Location
location_on -
Work Model
home_work hybrid
Job Type
work Full-time
External Interest
open_in_new 0 clicks
Salary
payments Competitive

Intelligence Match

Match: ??%

rocket_launch
Skills Match 87%
Experience Match 88%
Portfolio Match 84%
lock

Unlock Your Personalized Match

Sign in to see your exact score breakdown and personalized insights.

Sign In

Team Tagline

No Tagline provided.

About the role

The Platform Manager (Security) is the dedicated security authority for the platform — not a generic security function, but an embedded owner who lives inside the software factory. Reporting to the Cybersecurity Director and working hand-in-hand with the Platform Manager, you will sit at the intersection of platform engineering, DevSecOps, cybersecurity, legal, and vendor management. You will own the definition, implementation, and strict enforcement of the platform's security posture across every team, system, and workstream. On a platform handling the financial data of millions of Africans, the practical objective is not to make theft or compromise impossible — it is to ensure that any attempt is hard, incomplete, noisy, traceable, attributable, and commercially useless without the platform's cloud infrastructure, credentials, pipelines, and integrations.

Required Skills

AWS CI/CD Kubernetes Linux Penetration Testing ISO 27001 GDPR Compliance SIEM

Preferred Skills

Docker Google Cloud (GCP) Identity & Access Mgt Ansible Ethical Hacking Incident Response

Responsibilities

  • Security Standards & Governance — Define, enforce, and continuously improve the platform's end-to-end security standards, policies, and controls — covering encryption, identity, application security, network security, data protection, and compliance. Ensure every team, partner, and contributor operates within these standards at all times.
  • Identity & Access Management — Own the platform's IAM framework — including MFA enforcement for all human access, service-to-service authentication using short-lived tokens and managed identities, privileged access management (PAM), just-in-time elevation, session recording, and automatic expiry. Standing privileged access to production is prohibited without formal exception.
  • Source Code & Repository Integrity — Own the security of the platform's source-control environment end-to-end — including repository segmentation by domain, service, team, and access need; SSO and MFA enforcement across all contributors; branch protection on all critical branches with mandatory pull requests, CODEOWNERS approval, and peer review required; no direct commits to protected branches and no force-push permitted; secret scanning and push protection enabled across all repositories; and audit logs exported to SIEM. No developer or vendor has access to all repositories by default — access maps strictly to role, squad, and deliverable, and is reviewed at defined intervals.
  • Application Security — Own the platform's secure development lifecycle — ensuring security requirements are defined at design, not retrofitted at delivery. Govern SAST, DAST, SCA, and secrets detection gates across all CI/CD pipelines. No service may be promoted to production without passing every security gate.
  • Encryption & Data Protection — Enforce AES-256 encryption at rest and TLS 1.2+ in transit across all services. Own key management through Azure Key Vault and AWS KMS — including rotation schedules and access controls. Drive data classification, DLP enforcement, and protection of customer, payment, and authentication data across all environments.
  • Penetration Testing & Vulnerability Management — Commission and oversee penetration testing before every production launch and on a regular cadence thereafter. Own the vulnerability management process — ensuring all critical and high CVEs are tracked and remediated within agreed timelines. Critical findings must be resolved before go-live.
  • Regulatory Compliance — Own the platform's compliance posture across CBN guidelines, PCI DSS, and applicable data protection regulations in all operating markets. Manage data residency requirements, assess cross-border data transfers, and ensure compliance reviews are conducted periodically with regulatory changes tracked and incorporated on a timely basis.
  • Incident Response & Unified Monitoring — Own the platform's Incident Response Plan — covering detection, triage, containment, eradication, recovery, and post-incident review. Ensure critical incidents are escalated to senior management and relevant regulators within prescribed timelines. Establish and maintain a unified monitoring posture that correlates repository audit logs, endpoint DLP telemetry, identity and VPN logs, and CI/CD activity as a single control surface — fed into SIEM for continuous alerting and investigation. All production systems must be monitored 24/7 with alerts routing to an active SOC function.
  • Supply Chain & Container Security — Enforce security across the platform's software supply chain — including container image scanning (Trivy), runtime threat detection (Falco), and dependency vulnerability scanning (Snyk) integrated into every pipeline. No container may be deployed without passing security gates.
  • Insider Threat, Endpoint & Workforce Risk — Define and enforce developer workstation security requirements — including managed/compliant device standards for repository and cloud access, endpoint detection and response (EDR), disk encryption, OS patching, and device compliance. For high-risk contributors or sensitive workstreams, evaluate VDI or cloud-hosted development environments with download, clipboard, and USB controls. Implement insider-risk monitoring to detect and escalate abnormal behaviour — mass data downloads, unusual clone volume, privilege escalation, DLP violations, and access attempts after role change or termination. Ensure monitoring is privacy-aware, legally approved, and integrated with SIEM and SOC workflows.
  • Partner, IP & Third-Party Controls — Own security due diligence for all engineering partners and contractors — including contractual clauses covering IP assignment, confidentiality, data protection, right-to-audit, secure development, and incident notification. Ensure partner access is provisioned on a least-privilege basis, time-bound, reviewed at defined intervals, and revoked immediately upon exit. Enforce structured offboarding — access removal, device return, confirmation of no retained code or materials, and explicit reminder of IP and confidentiality obligations. Coordinate with Legal and HR on suspected IP infringement — ensuring evidence is preserved, incidents are triaged, and the appropriate enforcement or takedown process is followed.
  • Security Architecture Collaboration — Partner with the Enterprise Architect, Platform Manager, and engineering leads to ensure security is designed in from day one — not bolted on. Contribute security requirements at the design phase of every new service, feature, and integration.
  • Executive Reporting — Report regularly to the Cybersecurity Director on the platform's security posture, compliance status, incident activity, and risk profile. Represent the security function in key leadership forums and board-level discussions when required.
security

Job Application Safety Disclaimer

Your security and privacy are our top priorities. Please be aware that InStreamIQ will never ask you to pay any fees for job applications, placements, or training as a condition of employment.

Furthermore, legitimate employers will not ask for sensitive personal identification such as your Bank Verification Number (BVN), National Identification Number (NIN), or Passport details during the initial application phase. Do not share financial information or make any payments to individuals or organizations claiming to represent an employer. If you encounter any suspicious requests, please report the listing immediately via our support channels.

fact_check

Confirm Application & Data Sharing

By proceeding, you consent to sharing your InStreamIQ professional profile with Heirs Technologies for the purpose of applying for the Platform Manager (Security) position.

Shared data includes your: Email address, Work Experiences, Educational Background, Technical Skills, and Portfolio Projects.

This information is shared exclusively for this specific candidacy. You can manage your privacy settings in your dashboard.

exit_to_app

Leaving InStreamIQ

You are moving to an external platform to complete your application. Please note that InStreamIQ is not responsible for the data security or privacy practices of third-party websites.

Safety Reminder: Do not share highly sensitive information like BVN, NIN, or make any form of payment on external sites.

By clicking 'Continue', you acknowledge that you are proceeding at your own discretion to the employer's chosen platform.