Background information about the job or company (e.g., role context, company overview)

The role is dedicated to developing robust security frameworks, ensuring global regulatory compliance, and managing a high-performing team to maintain data integrity and stakeholder trust. They ensure compliance with global standards and regulations, mitigate risks, and maintain the trust of stakeholders.

Responsibilities or duties

Main Job Functions:

Operational:

• Implement and manage cybersecurity policies, procedures, and controls to safeguard the organization's digital assets.
• Oversee day-to-day cybersecurity operations, including incident response, threat detection, and vulnerability management.
• Monitor and analyze security events and incidents, ensuring timely response and resolution to mitigate risks.
• Conduct regular cybersecurity assessments and audits to identify weaknesses and ensure compliance with standards and regulations.
• Manage relationships with external cybersecurity vendors and service providers, ensuring effective collaboration and service delivery.
• Monitor the performance of managed service providers (MSPs) against agreed-upon service level agreements (SLAs) and key performance indicators (KPIs), ensuring adherence to contractual obligations.

Tactical:

• Develop and execute cybersecurity training and awareness programs for employees to enhance security awareness and compliance.
• Implement security controls and technologies to protect against emerging cyber threats and vulnerabilities.
• Collaborate with cross-functional teams to integrate cybersecurity into the organization's systems and processes.
• Lead the investigation and response to security incidents, coordinating with internal and external stakeholders for effective resolution.
• Develop and maintain incident response plans and procedures to minimize the impact of security breaches.
• Conduct regular reviews and assessments of MSP performance, identifying areas for improvement and implementing corrective actions as necessary.

Strategic:

• Develop and implement a comprehensive cybersecurity strategy aligned with business objectives and risk management priorities.
• Identify emerging cybersecurity trends and technologies to enhance the organization's security posture.
• Drive continuous improvement initiatives to strengthen cybersecurity controls and practices.
• Provide strategic guidance and recommendations to senior leadership on cybersecurity investments and priorities.
• Engage with industry forums and regulatory bodies to stay informed about evolving cybersecurity threats and best practices.
• Develop strategic partnerships with MSPs to enhance cybersecurity capabilities and support organizational growth objectives.

Financial Planning:

• Develop and manage the cybersecurity budget, ensuring cost-effective allocation of resources to address key priorities and initiatives.
• Evaluate cybersecurity investments and expenditures to ensure alignment with organizational goals and objectives.
• Identify opportunities for cost savings and efficiencies in cybersecurity operations and technologies.
• Track and report on cybersecurity-related expenses and ROI to demonstrate value to stakeholders.
• Collaborate with finance and procurement teams to negotiate contracts and agreements with cybersecurity vendors and service providers.
• Monitor and manage the financial performance of MSPs, ensuring that contracted services are delivered within budget and in line with agreed-upon terms.

Other Relevant Key Performance Areas:

• Regulatory Compliance: Ensure compliance with global cybersecurity standards and regulations, including GDPR, PCI DSS, and other relevant mandates.
• Risk Management: Identify and assess cybersecurity risks, develop risk mitigation strategies, and monitor risk levels to minimize organizational exposure.
• Stakeholder Engagement: Build and maintain strong relationships with internal and external stakeholders, providing regular updates and communication on cybersecurity matters.
• Innovation and Research: Stay abreast of emerging cybersecurity technologies and best practices, conducting research and pilot projects to assess their applicability and effectiveness within the organization.
• Incident Management: Lead the organization's response to cybersecurity incidents, coordinating with internal teams and external partners to contain and remediate breaches effectively.

Supervisory / Leadership / Managerial Tasks:

Has responsibilities for directing, guiding, motivating and influencing others. This is inclusive of ;

• Set clear directions, goals and objectives for direct reports and team
• Monitor progress and maintain progress and maintain motivation.
• Manage performance of team
• Manage Staff career discussions, training and development and ensure necessary actions/ interventions are put in place
• Create an enabling environment and culture for team to perform
• Involvement in the process of hiring talent

IT Security Responsibilities/ Tasks:

• Comply with all Information Security Policies and related documents
• Report security weakness/incidents to either the respective head of department or the Enterprise Information Security Manager
• Must not exploit known security weaknesses.
• Participate in all forms of Information Security Awareness
• Promote Continual improvement of Information Security
• Monitor compliance to the information security management system requirements by the Teams
• Communicate the importance of effective information security management to your teams
• Direct and support team/s to contribute to the effectiveness of the information security management system

Qualifications or requirements (e.g., education, skills)

Education:

• A Bachelor’s degree in information security, Cybersecurity, Computer Science, Information Systems, Information Technology, Business Administration, or a related field (Master’s degree is advantageous).
• Industry-recognized certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), ISO 27001 Lead Auditor/Implementer, Certified Ethical Hacker (CEH), CompTIA Security+, AWS Certified Security Specialty, or equivalent cloud security certifications.

Experience needed

Experience:

• 8 years of experience in information security, with at least 3 years in a leadership or management role focused on security governance, risk management, and compliance.
• Experience in the Financial Services or Fintech sector is advantageous
• Worked across diverse cultures and geographies
• Pan Africa multi-cultural experience is advantageous
• Experience working with security frameworks such as NIST, ISO 27001, and risk management methodologies.
• Proven experience in leading security policy development, governance, and compliance initiatives.
• Proven experience leading incident response and managing complex security events.

Competencies:

Technical Proficiency:

• Strong understanding of financial principles and experience in budgeting processes related to cybersecurity initiatives.
• Familiarity with regulatory requirements and compliance standards in the fintech industry, such as GDPR, PCI DSS, HIPAA, etc.
• Excellent communication, leadership, and decision-making skills, with the ability to effectively communicate complex cybersecurity concepts to both technical and non-technical stakeholders.
• Ability to adapt to changing business needs and lead cybersecurity teams in a fast-paced and dynamic environment, while maintaining a focus on risk ma

• Implement and manage cybersecurity policies, procedures, and controls to safeguard the organization's digital assets.
• Oversee day-to-day cybersecurity operations, including incident response, threat detection, and vulnerability management.
• Monitor and analyze security events and incidents, ensuring timely response and resolution to mitigate risks.
• Conduct regular cybersecurity assessments and audits to identify weaknesses and ensure compliance with standards and regulations.
• Manage relationships with external cybersecurity vendors and service providers, ensuring effective collaboration and service delivery.
• Monitor the performance of managed service providers (MSPs) against agreed-upon service level agreements (SLAs) and key performance indicators (KPIs), ensuring adherence to contractual obligations.
• Develop and execute cybersecurity training and awareness programs for employees to enhance security awareness and compliance.
• Implement security controls and technologies to protect against emerging cyber threats and vulnerabilities.
• Collaborate with cross-functional teams to integrate cybersecurity into the organization's systems and processes.
• Lead the investigation and response to security incidents, coordinating with internal and external stakeholders for effective resolution.
• Develop and maintain incident response plans and procedures to minimize the impact of security breaches.
• Conduct regular reviews and assessments of MSP performance, identifying areas for improvement and implementing corrective actions as necessary.
• Develop and implement a comprehensive cybersecurity strategy aligned with business objectives and risk management priorities.
• Identify emerging cybersecurity trends and technologies to enhance the organization's security posture.
• Drive continuous improvement initiatives to strengthen cybersecurity controls and practices.
• Provide strategic guidance and recommendations to senior leadership on cybersecurity investments and priorities.
• Engage with industry forums and regulatory bodies to stay informed about evolving cybersecurity threats and best practices.
• Develop strategic partnerships with MSPs to enhance cybersecurity capabilities and support organizational growth objectives.
• Develop and manage the cybersecurity budget, ensuring cost-effective allocation of resources to address key priorities and initiatives.
• Evaluate cybersecurity investments and expenditures to ensure alignment with organizational goals and objectives.
• Identify opportunities for cost savings and efficiencies in cybersecurity operations and technologies.
• Track and report on cybersecurity-related expenses and ROI to demonstrate value to stakeholders.
• Collaborate with finance and procurement teams to negotiate contracts and agreements with cybersecurity vendors and service providers.
• Monitor and manage the financial performance of MSPs, ensuring that contracted services are delivered within budget and in line with agreed-upon terms.
• Ensure compliance with global cybersecurity standards and regulations, including GDPR, PCI DSS, and other relevant mandates.
• Identify and assess cybersecurity risks, develop risk mitigation strategies, and monitor risk levels to minimize organizational exposure.
• Build and maintain strong relationships with internal and external stakeholders, providing regular updates and communication on cybersecurity matters.
• Stay abreast of emerging cybersecurity technologies and best practices, conducting research and pilot projects to assess their applicability and effectiveness within the organization.
• Lead the organization's response to cybersecurity incidents, coordinating with internal teams and external partners to contain and remediate breaches effectively.
• Set clear directions, goals and objectives for direct reports and team
• Monitor progress and maintain progress and maintain motivation.
• Manage performance of team
• Manage Staff career discussions, training and development and ensure necessary actions/ interventions are put in place
• Create an enabling environment and culture for team to perform
• Involvement in the process of hiring talent
• Comply with all Information Security Policies and related documents
• Report security weakness/incidents to either the respective head of department or the Enterprise Information Security Manager
• Must not exploit known security weaknesses.
• Participate in all forms of Information Security Awareness
• Promote Continual improvement of Information Security
• Monitor compliance to the information security management system requirements by the Teams
• Communicate the importance of effective information security management to your teams
• Direct and support team/s to contribute to the effectiveness of the information security management system

• Strong understanding of financial principles and experience in budgeting processes related to cybersecurity initiatives.
• Familiarity with regulatory requirements and compliance standards in the fintech industry, such as GDPR, PCI DSS, HIPAA, etc.
• Excellent communication, leadership, and decision-making skills, with the ability to effectively communicate complex cybersecurity concepts to both technical and non-technical stakeholders.
• Ability to adapt to changing business needs and lead cybersecurity teams in a fast-paced and dynamic environment, while maintaining a focus on risk ma

• A Bachelor’s degree in information security, Cybersecurity, Computer Science, Information Systems, Information Technology, Business Administration, or a related field (Master’s degree is advantageous).
• Industry-recognized certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), ISO 27001 Lead Auditor/Implementer, Certified Ethical Hacker (CEH), CompTIA Security+, AWS Certified Security Specialty, or equivalent cloud security certifications.
• 8 years of experience in information security, with at least 3 years in a leadership or management role focused on security governance, risk management, and compliance.
• Experience in the Financial Services or Fintech sector is advantageous
• Worked across diverse cultures and geographies
• Pan Africa multi-cultural experience is advantageous
• Experience working with security frameworks such as NIST, ISO 27001, and risk management methodologies.
• Proven experience in leading security policy development, governance, and compliance initiatives.
• Proven experience leading incident response and managing complex security events.