Information Security Engineer
Your Role
As Information Security Lead, you will be
responsible for the information security and risk management program. You will
be primarily responsible for the design, implementation, management, and
operations of security controls and systems to protect the confidentiality,
integrity, and availability of KOKO’s information assets and for improving our
cyber-maturity. You will also lead risk assessments and develop, improve and
implement security policies, procedures and standards aligned to best
practices. Technically, you will develop the Infosec roadmap in consultation
with the Head of ICT and Infosec, design technical infosec controls and own the
vulnerability management program. You will work collaboratively and effectively
with executives and other departments including product, operations, software
engineering as well as 3rd party vendors and organisations to meet KOKO’s
security objectives.
What you will do
- Work closely with KOKO’s global business units, including
product and software engineering, and country-based ICT teams to implement
Infosec governance, security controls and risk management programs
adhering to best practices.
- Ensure confidentiality, integrity and availability of
services by owning aspects of information security, risk management,
technical controls, threat modeling and compliance with Infosec policies.
- Establish safeguards by creating disaster preparedness
protocols, conducting preparedness tests, monitoring security tools and
leading incident management activities.
- Design and develop the information security strategy and own
the Information security program.
- Provide supervisory and leadership support to IT Security
Officers and in-house SOC Analysts.
- Identify opportunities to improve risk posture, develop
solutions for mitigating Infosec risks and processes for assessing the
residual risk.
- Review and improve Infosec controls, policies, standards,
processes and frameworks and monitor compliance with the approved policies
and procedures.
- Lead security audits and data protection initiatives, conduct
vulnerability assessments and penetration testing, manage remediation
efforts and track the closure of deficiencies.
- Provide Infosec related technical support in our software
development lifecycle and enforce best practices including code reviews,
and automated testing in the DevOps pipelines.
- Identify and recommend new security architecture plans and
designs, implement security controls and deliver or facilitate training
for secure software coding practices to software developers.
- Define information security blueprints and provide guidance
to departments and country-based IT operations teams, in order to
standardize KOKO’s enterprise-wide security and ensure consistency.
- Manage the ICT Information security budget.
What You Will Bring to KOKO
- University degree in relevant fields like Information
Technology, engineering or cyber security
- 6+ years of experience in a similar role, with a demonstrated
track record of success
- Practical understanding of Infosec, risk and compliance
standards, frameworks and best practices. A professional certification is
an added advantage (e.g. CISSP, CISA, CISM, CRISC, ISO 27001)
- 3+ years of management experience building, leading and
mentoring Infosec or technology teams and comfortable working in a
fast-paced and highly collaborative team environment.
- General understanding and knowledge of regulatory
requirements, security concepts, Information security governance, data
protection and privacy laws and regulations.
- Hands-on leader who is technically savvy and can balance best
practice with pragmatism
- Experience designing and implementing ICT strategy, roadmap,
policies, procedures and standards
- Experience with cloud platforms (preferably AWS)
- Experience with vulnerability mitigation strategies,
detection tools, techniques and remediation.
- Experience with security tools, forensic tools, NAC,
Antivirus, File Integrity Management, Intrusion Prevention, Network and
Application Firewalls, Web Proxy, SIEM and DLP solutions.
- Analytical thinker with ability to partner with management,
technical team and external stakeholders to resolve complex security
matters and develop policies, processes and guidelines.
- Excellent communicator, detail-oriented with ability to
manage shifting and competing priorities.
- Self-driven and strongly motivated with an ownership mindset
and a can-do attitude.
What We Offer
- Competitive salary plus a quarterly cash bonus
- Annual compensation reviews – we reward great work
- Hybrid working model – allowing you to split your time
between in-person collaboration at one of our offices and working remotely
- 21 days of annual leave plus public holidays plus examination
leave
- Ongoing investment in you and your skills, incl. full access
to over 5,000 online courses
- The right equipment for the job – a choice of MacBook,
Windows, or Linux laptop
How To Apply
KOKO is committed to gender and racial diversity
in the workplace. We encourage candidates of all backgrounds to apply!