Information Security Engineer

Your Role

As Information Security Lead, you will be responsible for the information security and risk management program. You will be primarily responsible for the design, implementation, management, and operations of security controls and systems to protect the confidentiality, integrity, and availability of KOKO’s information assets and improving our cyber-maturity. You will also lead risk assessments, develop, improve and implement security policies, procedures and standards aligned to best practices. Technically, you will develop the Infosec roadmap in consultation with the Head of ICT and Infosec, design technical infosec controls and own the vulnerability management program. You will work collaboratively and effectively with executives and other departments including product, operations, software engineering as well as 3rd party vendors and organisations to meet KOKO’s security objectives.

What you will do

• Work closely with KOKO’s global business units, including product and software engineering, and country based ICT teams to Implement Infosec governance, security controls  and risk management programs adhering to best practices.
• Ensure confidentiality, integrity and availability of services by owning aspects of Information security, risk management, technical controls, threat modeling and compliance to infosec policies.
• Establish safeguards by creating disaster preparedness protocols, conducting preparedness tests, monitoring security tools and leading Incident management activities.
• Design and develop the information security strategy and own the Information security program.
• Provide supervisory and leadership support to IT security Officers and In-house SOC Analysts
• Identify opportunities to improve risk posture, develop solutions for mitigating Infosec risks and processes for assessing the residual risk.
• Review and improve Infosec controls, policies, standards, processes and frameworks and monitor compliance with the approved policies and procedures.
• Lead security audits and data protection Initiatives, conduct vulnerability assessments and penetration testing, manage remediation efforts and track the closure of deficiencies. 
• Provide Infosec related technical support in our software development lifecycle and enforce best practices including code reviews, and automated testing in the DevOps pipelines.
• Identify, recommend new security architecture plans and designs, implement security controls and deliver or facilitate training for secure software coding practices to software developers.
• Define Information security blueprints and provide guidance to departments and country based IT Operation teams, in order to standardize KOKO’s enterprise wide security and ensure consistency.
• Provide Infosec related technical support in our software development lifecycle and enforce best practices including code reviews, and automated testing in the DevOps pipelines. 
• Manage the ICT Information security budget.

What You Will Bring to KOKO

• University degree in relevant fields like Information Technology, engineering or cyber security 
• 6+ years of experience in a similar role, with a demonstrated track record of success
• Practical understanding of Infosec, risk and compliance standards, frameworks and best practices. A professional certification is an added advantage (e.g CISSP, CISA, CISM, CRISC, ISO 27001)
• 3+ years of management experience building, leading and mentoring Infosec or technology teams and comfortable working in a fast-paced and highly collaborative team environment.
• General understanding and knowledge of regulatory requirements, security concepts, Information security governance, data protection and privacy laws and regulations.
• Hands-on leader who is technically savvy and can balance best practice with pragmatism
• Experience designing and implementing ICT strategy, roadmap, policies, procedures and standards 
• Experience with cloud platforms (Preferably AWS)
• Experience with vulnerability mitigation strategies, detection tools, techniques and remediation.
• Experience with security tools, forensic tools, NAC, Antivirus, File Integrity Management, Intrusion Prevention, Network and Application Firewalls, Web Proxy, SIEM and DLP solutions.
• Analytical thinker with ability to partner with management, technical team and external stakeholders to resolve complex security matters and develop policies, processes and guidelines.
• Excellent communicator, detail-oriented with ability to manage shifting and competing priorities.
• Self driven and strongly motivated with an ownership mindset and a can-do attitude.