Information Security Officer at Centum

The Role:

The Information Security Officer (ISO) will serve as a key member of the first line of defense within the company, focusing on safeguarding our digital assets and ensuring the ongoing security of our systems. As part of the broader Enterprise Risk Management (ERM) framework, the ISO will lead the implementation and maintenance of a comprehensive information security program. This includes governance, protection, detection, and response to security threats. The ISO will work closely with cross-functional teams to identify risks, deploy protective controls, and ensure rapid detection and effective recovery from security incidents. Additionally, the ISO will play a critical role in fostering a secure working environment for both staff and clients while ensuring compliance and supporting sound decision-making throughout the organization.

Key Accountabilities:

Cybersecurity Planning & Governance

• Implement and refine the company’s existing Information Security Strategy to align with business goals and regulatory requirements.
• Maintain and enforce security policies and frameworks to ensure consistent governance across the organization.

Protection & Prevention

• Enhance and manage technical and procedural security controls to protect systems, networks, and sensitive data.
• Conduct regular security assessments to identify gaps and lead improvements in security measures.
• Ensure secure processes and change management practices are in place for ongoing operations.

 Monitoring & Detection

• Ensure continuous monitoring and rapid detection of potential security breaches or vulnerabilities.
• Maintain threat intelligence to stay ahead of emerging risks and adjust monitoring strategies accordingly.

Response & Recovery

• Improve and test the incident response plan to ensure it effectively addresses security incidents.
• Lead and coordinate responses to security breaches or incidents, minimizing disruption to operations.
• Facilitate recovery efforts post-incident, ensuring swift restoration of services and systems.
• Conduct post-incident reviews to refine response strategies and security measures.

Compliance & Reporting

• Provide monthly reports on compliance status of security initiatives to senior leadership with quarterly reports for the Board.
• Ensure appropriate documentation of all security activities, incidents, and improvements for auditing and reporting purposes.

Minimum Requirements:

• Bachelor’s degree in information security, Computer Science, Information Technology, or related field.
• Ethical Hacking Certification, CISM, certification or equivalent.
• Knowledge KaliLinux or similar tools.
• At least 5 years of experience in information security, preferably at least 2 years in a in the financial or investment sector.
• In-depth knowledge of security technologies, risk management frameworks, and cybersecurity best practices.
• Experience with security incident handling, vulnerability management, and security monitoring.
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication skills with the ability to the ability to report technical security matters to senior leadership