Requirements

• A Bachelor’s degree in information security, Cybersecurity, Computer Science, Information Systems, Information Technology, Business Administration, or a related field (Master’s degree is advantageous).
  
• Industry-recognized certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), ISO 27001 Lead Auditor/Implementer, Certified Ethical Hacker (CEH), CompTIA Security+, AWS Certified Security Specialty, or equivalent cloud security certifications.
  
• Experience:
  
• 8 years of experience in information security, with at least 3 years in a leadership or management role focused on security governance, risk management, and compliance.
  
• Experience in the Financial Services or Fintech sector is advantageous
  
• Worked across diverse cultures and geographies
  
• Pan Africa multi-cultural experience is advantageous
  
• Experience working with security frameworks such as NIST, ISO 27001, and risk management methodologies.
  
• Proven experience in leading security policy development, governance, and compliance initiatives.
  
• Proven experience leading incident response and managing complex security events.
  

• Operational:
  
• Implement and manage cybersecurity policies, procedures, and controls to safeguard the organization’s digital assets.
  
• Oversee day-to-day cybersecurity operations, including incident response, threat detection, and vulnerability management.
  
• Monitor and analyze security events and incidents, ensuring timely response and resolution to mitigate risks.
  
• Conduct regular cybersecurity assessments and audits to identify weaknesses and ensure compliance with standards and regulations.
  
• Manage relationships with external cybersecurity vendors and service providers, ensuring effective collaboration and service delivery.
  
• Monitor the performance of managed service providers (MSPs) against agreed-upon service level agreements (SLAs) and key performance indicators (KPIs), ensuring adherence to contractual obligations.
  
• Tactical:
  
• Develop and execute cybersecurity training and awareness programs for employees to enhance security awareness and compliance.
  
• Implement security controls and technologies to protect against emerging cyber threats and vulnerabilities.
  
• Collaborate with cross-functional teams to integrate cybersecurity into the organization’s systems and processes.
  
• Lead the investigation and response to security incidents, coordinating with internal and external stakeholders for effective resolution.
  
• Develop and maintain incident response plans and procedures to minimize the impact of security breaches.
  
• Conduct regular reviews and assessments of MSP performance, identifying areas for improvement and implementing corrective actions as necessary.
  
• Strategic:
  
• Develop and implement a comprehensive cybersecurity strategy aligned with business objectives and risk management priorities.
  
• Identify emerging cybersecurity trends and technologies to enhance the organization’s security posture.
  
• Drive continuous improvement initiatives to strengthen cybersecurity controls and practices.
  
• Provide strategic guidance and recommendations to senior leadership on cybersecurity investments and priorities.
  
• Engage with industry forums and regulatory bodies to stay informed about evolving cybersecurity threats and best practices.
  
• Develop strategic partnerships with MSPs to enhance cybersecurity capabilities and support organizational growth objectives.
  
• Financial Planning:
  
• Develop and manage the cybersecurity budget, ensuring cost-effective allocation of resources to address key priorities and initiatives.
  
• Evaluate cybersecurity investments and expenditures to ensure alignment with organizational goals and objectives.
  
• Identify opportunities for cost savings and efficiencies in cybersecurity operations and technologies.
  
• Track and report on cybersecurity-related expenses and ROI to demonstrate value to stakeholders.
  
• Collaborate with finance and procurement teams to negotiate contracts and agreements with cybersecurity vendors and service providers.
  
• Monitor and manage the financial performance of MSPs, ensuring that contracted services are delivered within budget and in line with agreed-upon terms.
  
• Other Relevant Key Performance Areas:
  
• Regulatory Compliance: Ensure compliance with global cybersecurity standards and regulations, including GDPR, PCI DSS, and other relevant mandates.
  
• Risk Management: Identify and assess cybersecurity risks, develop risk mitigation strategies, and monitor risk levels to minimize organizational exposure.
  
• Stakeholder Engagement: Build and maintain strong relationships with internal and external stakeholders, providing regular updates and communication on cybersecurity matters.
  
• Innovation and Research: Stay abreast of emerging cybersecurity technologies and best practices, conducting research and pilot projects to assess their applicability and effectiveness within the organization.
  
• Incident Management: Lead the organization’s response to cybersecurity incidents, coordinating with internal teams and external partners to contain and remediate breaches effectively.
  
• Supervisory / Leadership / Managerial Tasks:
  
• Has responsibilities for directing, guiding, motivating and influencing others. This is inclusive of ;
  
• Set clear directions, goals and objectives for direct reports and team
  
• Monitor progress and maintain progress and maintain motivation.
  
• Manage performance of team
  
• Manage Staff career discussions, training and development and ensure necessary actions/ interventions are put in place
  
• Create an enabling environment and culture for team to perform
  
• Involvement in the process of hiring talent
  
• IT Security Responsibilities/ Tasks:
  
• Comply with all Information Security Policies and related documents
  
• Report security weakness/incidents to either the respective head of department or the Enterprise Information Security Manager
  
• Must not exploit known security weaknesses.
  
• Participate in all forms of Information Security Awareness
  
• Promote Continual improvement of Information Security
  
• Monitor compliance to the information security management system requirements by the Teams
  
• Communicate the importance of effective information security management to your teams
  
• Direct and support team/s to contribute to the effectiveness of the information security management system