Location:

Ghana

Employment Type:

Full-Time

Job description:

The Head of Compliance is the company’s second-line owner for regulatory and scheme adherence across our issuing and acceptance businesses. You will design and run an integrated compliance program covering payment scheme rules, information security & IT operations compliance, business continuity & resilience, enterprise risk & governance, data protection & residency, and local banking regulations across our operating countries. Your mandate is twofold: (1) keep us audit-ready and regulator-confident; (2) optimize compliance to enable faster delivery, lower cost, and scalable growth (“compliance-by-design”).

Key responsibilities:

– Strategy, Governance and Oversight: Own the Compliance Management Framework (policies, standards, controls, assurance plan) mapped to applicable laws, regulations, and scheme rulebooks. Chair the Compliance & Risk Committee; provide monthly dashboards to ELT and quarterly reporting to the Board Audit/Risk Committee. Maintain and continually improve the Regulatory Obligations Register and Control Library, with traceability to processes, systems, and owners.

– Regulations & Supervisory Engagement: Act as primary liaison with central banks and regulators (e.g. CBE, SARB, CBK, BoG, CBN, etc.) for licensing, inspections, periodic returns, and thematic reviews. Interpret new/updated regulations and issue impact assessments with prioritized remediation roadmaps and budget asks.

– Data Protection & Residency: Oversee privacy and cross-border data flows in line with GDPR, POPIA, Nigeria NDPA/NDPR, Egypt PDPL, Kenya DPA, and other applicable statutes; supervise/serve as DPO. Ensure data-residency compliance (e.g., in-country processing/storage where mandated), define lawful transfer mechanisms, and approve Data Processing Agreements and SCCs. Run privacy by design, DPIAs, ROPAs, retention schedules, and subject-rights processes (DSARs, deletion, restriction).

– Information Security & IT Operations Compliance: Partner with CISO/CIO to align with PCI DSS, PCI 3DS, PCI PIN, ISO/IEC 27001, SOC 2, NIST CSF, ITIL and change/release, logging/monitoring, and incident/major outage processes. Own the second-line compliance testing program for access control, encryption, key management/HSM, secure SDLC, vulnerability & patch SLAs, and vendor/cloud controls. Approve exceptions and compensating controls, track closure.

– Business Continuity, Resilience & Crisis Management: Own BCM/DR consistent with ISO 22301 and scheme/central-bank expectations (RTO/RPO, dual-site/region strategies, DR tests, crisis comms). Validate annual scenario exercises, ensure lessons learned drive platform roadmaps and contracts (e.g., SLAs with DC/Cloud providers).

– Payment Scheme Compliance (Issuing & Acceptance): Ensure adherence to Visa/Mastercard/AmEx/UPI rules across issuing, acquiring, e-commerce/3-DS, tokenization, chargebacks/disputes, fraud monitoring, merchant compliance (PCI), and network bulletins. Maintain scheme attestations and certifications, manage rule change implementation programs, and lead responses to compliance inquiries or assessments.

– Enterprise Risk Management (ERM) & Assurance: Maintain enterprise Risk Register (operational, technology, legal, compliance, third-party, scheme, financial crime) with KRIs and risk appetite metrics. Run the annual Compliance Monitoring Plan (testing, thematic reviews, deep dives); track issues to closure and verify remediation. Coordinate internal audit and external assessments (PCI QSA, ISO audits, SOC, regulators, schemes).

– Third-Party & Cloud/Vendor Risk: Oversee due diligence, onboarding, sub-processor approvals, ongoing monitoring, and exit strategies for critical vendors, including cloud and regional DC providers for data-residency. Ensure contracts contain mandatory controls, audit rights, breach notification, and service resilience obligations.

– Culture, Training & Enablement: Drive a strong speak-up and compliance-by-design culture; publish practical playbooks and control checklists for product, engineering, and operations. Deliver role-based training (privacy, PCI, secure coding, change control, incident response, scheme rules).

– Incidents & Issues: Co-lead significant incidents (security, privacy, scheme, outages) from a compliance standpoint: regulatory notifications, customer communications, root-cause, and corrective action plans. Oversee breach registers and timely notifications aligned to each jurisdiction’s statutory requirements.

Qualifications:

– 10-15+ years in payments/fintech/banking compliance or risk, with at least 5 years leading multi-country programs.

– Proven success navigating central-bank supervision and card-scheme compliance (issuing and acquiring).

– Hands-on experience with PCI DSS and at least one major framework (ISO 27001, SOC 2, NIST, COBIT), plus ISO 22301 for BCM.

– Strong working knowledge of GDPR/POPIA/NDPA/PDPL and data-residency strategies (in-country hosting, encryption/pseudonymization, cross-border transfers).

– Familiarity with 3-DS, EMV, tokenization, chargebacks, and fraud/risk tools.

– Track record setting up ERM, compliance monitoring, and vendor risk functions in high-availability tech environments.

– Excellent stakeholder management (regulators, schemes, board), and the ability to translate rules into simple, testable controls.

Education/Certifications (preferred):

– LLB/BS/BA with MSc/JD/MBA a plus; CIPP/E, CISM/CISA/CRISC, ISO27001 Lead Auditor/Implementer, PCI ISA/QSA (nice), CBCP/ISO 22301 Lead Implementer.

Applications:

Click on the button below to send your CV and covering letter, adding the job title and your name in the subject line.

Closing date for applications:

Applications must be received before 30th of November.