Senior Information Security Officer (SISO) at Inkomoko
Inkomoko
- Kenya
- Permanent
- Full-time
- Information Security Strategy and Governance:
- Develop and implement an organization-wide information security strategy aligned with business objectives.
- Establish and maintain information security policies, standards, and procedures.
- Provide guidance and direction to senior management on information security matters.
- Chair the Information Security Steering Committee or equivalent governance body.
- Risk Management and Compliance:
- Identify, assess, and prioritize information security risks.
- Develop and implement risk mitigation strategies and controls.
- Ensure compliance with relevant laws, regulations, and industry standards (e.g., Local DPA, GDPR, ISO 27001, SOC1 & SOC2).
- Conduct regular security assessments and audits to assess compliance and identify areas for improvement.
- Security Operations:
- Oversee the operation of security controls and technologies, including firewalls, intrusion detection/prevention systems, and endpoint protection.
- Monitor and analyze security alerts and incidents, leading incident response and investigation efforts.
- Coordinate with internal teams and external partners to remediate security vulnerabilities and threats.
- Security Awareness and Training:
- Develop and deliver information security awareness programs for employees, contractors, and third-party vendors.
- Provide training on security policies, procedures, and best practices to promote a culture of security awareness and compliance.
- Security Architecture and Engineering:
- Collaborate with IT teams to design and implement secure systems and networks.
- Review and approve system architecture and design changes to ensure alignment with security requirements.
- Evaluate and recommend security technologies and solutions to enhance the organization’s security posture.
- Incident Response and Business Continuity:
- Develop and maintain an incident response plan and business continuity/disaster recovery plan.
- Lead the response to security incidents, coordinating with internal teams and external stakeholders.
- Conduct post-incident reviews and implement lessons learned to improve incident response capabilities.
- Vendor and Third-Party Risk Management:
- Assess and manage security risks associated with third-party vendors and service providers.
- Establish security requirements for vendor contracts and agreements.
- Monitor vendor compliance with security requirements and conduct periodic reviews and audits.
- Other IT Infrastructure Duties:
- The role holder should expect to support any other IT duties as allocated by the IT Director and the Sr IT Infrastructure and System Admin.
- Continuous Improvement:
- Monitor the effectiveness of security controls and processes and recommend improvements.
- Stay informed about the evolving threat landscape and adjust security strategies accordingly.
- Bachelor’s degree in Computer Science, Information Security, or a related field. An advanced degree and professional certification (CompTIA S+, CISSP, CISM, CISA, CISO) are preferred.
- 5-7 years of experience in information security, with a proven track record of progressively increasing responsibility and leadership.
- In-depth knowledge of information security principles, practices, technologies, and standards.
- Strong understanding of regulatory requirements and industry best practices related to information security (e.g., Local DPA, GDPR, ISO 27001, SOC1 & SOC2).
- Proficiency in security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, encryption, SIEM (Security Information and Event Management), and DLP (Data Loss Prevention) solutions.
- Strong knowledge of emerging cybersecurity threats and trends.
- Experience leading incident response and managing security incidents.
- Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders.
- Strong analytical and problem-solving skills, with the ability to analyze security risks and develop effective risk mitigation strategies.
- Ability to work collaboratively with cross-functional teams and external partners to achieve common security objectives.
- Competitive salary and potential goal-based bonus
- Incredible company culture, including deep investment in your learning and growth
- Diverse colleagues and policies that show our commitment to equity and inclusion
- Talented, passionate, and committed team colleagues across the region
- Ability to make a significant social impact in your community
- Generous health insurance, staff savings, parental leave, sabbatical, and more benefits.