Information Security Manager at Twiga Foods

The role holder is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the Twiga enterprise environment.

The role holder serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies.

Key Responsibilities

Governance

• Creating and managing security strategies
• Develop and publish Information Security and data privacy policies and processes that encourage secure working and protect data.
• Lead implementation of information security policies/processes across the Twiga digital/cloud environment in collaboration with stakeholders from tech and various departments.
• Actively liaise with the development team to ensure a secure architecture.
• Actively liaise with third-party vendors to ensure all initiatives are successfully delivered as per mandate.
• Plan and manage information security budget.

Risk Management

• Oversee regular information risk identification, assessment and mitigation activities with business and technology teams
• Investigate and analyse existing cloud structures and create new and enhanced security methods that will enhance the security of
• cloud-based environments.
• Responsible for identifying, defining and implementing appropriate security controls for our cloud applications and systems.
• Assess current technology architecture for vulnerabilities, weaknesses and for upgrades and/or improvement.

Security Incident Management

• Monitor security incidents on Technology services and systems.
• Track security resolution incidents and anomalies.
• Lead incident response for minor/major/critical incidents in collaboration with relevant stakeholders.

Security Training & Awareness

• Provide information security awareness training to organization personnel.
• Communicate information security goals and new programs effectively with other department managers within the organization
• Serve as a focal point of contact for the information security team within the organization and externally to vendors.

Budget Development and monitoring

• Developing and reviewing the budget and costs under cyber security scope of work & identify areas for cost savings.
• Reviewing vendor implementation contracts to ensure Twiga gets value for money.

Disaster Recovery

• Manage and configure physical/cloud security, disaster recovery and data backup systems.
• Develop a BCP guideline to ensure information security standards are maintained.

Team-management

• Model Twiga’s culture and way of working
• Drive the achievement of the performance objectives set for the team. Hold monthly 1-on-1 performance reviews with reports, and follow up corrective action where performance falls below expectation.
• Proactively manage own and team learning and development
• Ensure team adheres to the agreed annual leave plan
• Ensure team adheres to people management policies

Compliance

• Comply with all organization policies, procedures, and statutory guidelines. Minimize and mitigate risks to the organization and enforce zero-tolerance to non-compliance.
• Close gaps/lapses identified as an outcome of audits; risk and/or any other compliance review; investigations; or other assessment mechanisms and take corrective/preventive actions within the agreed timelines.

Minimum Qualifications & Requirements

• Bachelor’s degree in computer science or Computer Engineering or relevant education.
• Relevant industry certifications (e.g., CEH, CISSP, CISA, ITIL) are an added advantage.
• 7 years relevant experience
• Information security risk management
• Implementation of cloud-based information security controls
• Training and awareness on information security
• Vulnerability management
• Must be well versed in Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network-based scanners).
• Must be versed in GCP suite and how to secure it
• Thorough understanding of cryptographic primitives and their underlying principles.
• Thorough understanding of networking protocols, such as TCP/IP.
• Basic programming proficiency, sufficient to write and execute scripts from the command line.
• Working understanding of Agile Development and IT Service Management frameworks.
• Working understanding of information security and data privacy standards (ISO 27001, NIST, GDPR)
• Excellent communication skills (documentation, presentation, facilitation).
• Ability to translate complex ideas into simple solutions on paper.