Senior Information Security Officer (SISO) at Inkomoko

About the Opportunity

The Senior Information Security Officer (SISO) will be responsible for ensuring the security and integrity of an organization's information and technology systems. The Senior Information Security Officer plays a crucial role in safeguarding an organization's information assets and ensuring the confidentiality, integrity, and availability of sensitive data.

The successful candidate will be reporting to the IT Director with a dotted line to the Senior IT Infrastructure and Systems Administrator.

Responsibilities

• Information Security Strategy and Governance:
  • Develop and implement an organization-wide information security strategy aligned with business objectives.
  • Establish and maintain information security policies, standards, and procedures.
  • Provide guidance and direction to senior management on information security matters.
  • Chair the Information Security Steering Committee or equivalent governance body.
• Risk Management and Compliance:
  • Identify, assess, and prioritize information security risks.
  • Develop and implement risk mitigation strategies and controls.
  • Ensure compliance with relevant laws, regulations, and industry standards (e.g., Local DPA, GDPR, ISO 27001, SOC1 & SOC2).
  • Conduct regular security assessments and audits to assess compliance and identify areas for improvement.
• Security Operations:
  • Oversee the operation of security controls and technologies, including firewalls, intrusion detection/prevention systems, and endpoint protection.
  • Monitor and analyze security alerts and incidents, leading incident response and investigation efforts.
  • Coordinate with internal teams and external partners to remediate security vulnerabilities and threats.
• Security Awareness and Training:
  • Develop and deliver information security awareness programs for employees, contractors, and third-party vendors.
  • Provide training on security policies, procedures, and best practices to promote a culture of security awareness and compliance.
• Security Architecture and Engineering:
  • Collaborate with IT teams to design and implement secure systems and networks.
  • Review and approve system architecture and design changes to ensure alignment with security requirements.
  • Evaluate and recommend security technologies and solutions to enhance the organization's security posture.
• Incident Response and Business Continuity:
  • Develop and maintain an incident response plan and business continuity/disaster recovery plan.
  • Lead the response to security incidents, coordinating with internal teams and external stakeholders.
  • Conduct post-incident reviews and implement lessons learned to improve incident response capabilities.
• Vendor and Third-Party Risk Management:
  • Assess and manage security risks associated with third-party vendors and service providers.
  • Establish security requirements for vendor contracts and agreements.
  • Monitor vendor compliance with security requirements and conduct periodic reviews and audits.
• Other IT Infrastructure Duties:
  • The role holder should expect to support any other IT duties as allocated by the IT Director and the Sr IT Infrastructure and System Admin.
• Continuous Improvement:
  • Monitor the effectiveness of security controls and processes and recommend improvements.
  • Stay informed about the evolving threat landscape and adjust security strategies accordingly.

Minimum Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree and professional certification (CompTia S+, CISSP, CISM, CISA, CISO) is preferred.
• 5-7 years of experience in information security, with a proven track record of progressively increasing responsibility and leadership.
• In-depth knowledge of information security principles, practices, technologies, and standards.
• Strong understanding of regulatory requirements and industry best practices related to information security (e.g., Local DPA, GDPR, ISO 27001, SOC1 & SOC2).
• Proficiency in security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, encryption, SIEM (Security Information and Event Management), and DLP (Data Loss Prevention) solutions.
• Strong knowledge of emerging cybersecurity threats and trends.
• Experience leading incident response and managing security incidents.
• Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders.
• Strong analytical and problem-solving skills, with the ability to analyze security risks and develop effective risk mitigation strategies.
• Ability to work collaboratively with cross-functional teams and external partners to achieve common security objectives.

What You'll Get

This role is inside a high-growth, mission-driven social enterprise. By joining, you’ll access:

• Competitive salary, and potential Goal-based bonus
• Incredible company culture, including deep investment in your learning and growth
• Diverse colleagues and policies that show our commitment to equity and inclusion 
• Talented, passionate, and committed team colleagues across the region
• Ability to make a significant social impact to your community
• Generous health insurance, staff savings, parental leave, sabbatical, and more benefits.