Information Security Engineer
Job Details
permanent
Kenya
KOKO Networks
28/09/2023
Want updates for this and similar Jobs?
Full Job Description
About KOKO Networks
KOKO
Networks is a venture-backed climate-tech company with 1,200+
employees across East Africa & India. Our mission is to imagine and
deliver technology that improves life in the world’s fastest growing
cities. We offer a fast-paced and highly collaborative work
environment with significant opportunities for professional growth.
Our core lines of business currently include: (1) KOKO Fuel, an
ultra-clean liquid bioethanol cooking fuel solution delivered via a
network of smart fuel ATMs and leveraging existing downstream liquid
fuels infrastructure; (2) KOKO Climate, which retails the emissions
reductions that occur from switching households from
deforestation-based charcoal to KOKO Fuel; and (3) KOKO Club, a
tech-enabled, direct-to-consumer, instant fulfillment retail platform
operated in partnership with neighborhood retailers. In 2021, KOKO was
selected as the world’s leading emerging markets climate technology
solution by FT/IFC.
Your Role
As Information Security Lead, you will be
responsible for the information security and risk management program.
You will be primarily responsible for the design, implementation,
management, and operations of security controls and systems to protect
the confidentiality, integrity, and availability of KOKO’s information
assets and improving our cyber-maturity. You will also lead risk
assessments, develop, improve and implement security policies,
procedures and standards aligned to best practices. Technically, you
will develop the Infosec roadmap in consultation with the Head of ICT
and Infosec, design technical infosec controls and own the
vulnerability management program. You will work collaboratively and
effectively with executives and other departments including product,
operations, software engineering as well as 3rd party vendors and
organisations to meet KOKO’s security objectives.
What you will do
- Work closely with KOKO’s global business units, including product and software engineering, and country based ICT teams to Implement Infosec governance, security controls and risk management programs adhering to best practices.
- Ensure confidentiality, integrity and availability of services by owning aspects of Information security, risk management, technical controls, threat modeling and compliance to infosec policies.
- Establish safeguards by creating disaster preparedness protocols, conducting preparedness tests, monitoring security tools and leading Incident management activities.
- Design and develop the information security strategy and own the Information security program.
- Provide supervisory and leadership support to IT security Officers and In-house SOC Analysts
- Identify opportunities to improve risk posture, develop solutions for mitigating Infosec risks and processes for assessing the residual risk.
- Review and improve Infosec controls, policies, standards, processes and frameworks and monitor compliance with the approved policies and procedures.
- Lead security audits and data protection Initiatives, conduct vulnerability assessments and penetration testing, manage remediation efforts and track the closure of deficiencies.
- Provide Infosec related technical support in our software development lifecycle and enforce best practices including code reviews, and automated testing in the DevOps pipelines.
- Identify, recommend new security architecture plans and designs, implement security controls and deliver or facilitate training for secure software coding practices to software developers.
- Define Information security blueprints and provide guidance to departments and country based IT Operation teams, in order to standardize KOKO’s enterprise wide security and ensure consistency.
- Provide Infosec related technical support in our software development lifecycle and enforce best practices including code reviews, and automated testing in the DevOps pipelines.
- Manage the ICT Information security budget.
What You Will Bring to KOKO
- University degree in relevant fields like Information Technology, engineering or cyber security
- 6+ years of experience in a similar role, with a demonstrated track record of success
- Practical understanding of Infosec, risk and compliance standards, frameworks and best practices. A professional certification is an added advantage (e.g CISSP, CISA, CISM, CRISC, ISO 27001)
- 3+ years of management experience building, leading and mentoring Infosec or technology teams and comfortable working in a fast-paced and highly collaborative team environment.
- General understanding and knowledge of regulatory requirements, security concepts, Information security governance, data protection and privacy laws and regulations.
- Hands-on leader who is technically savvy and can balance best practice with pragmatism
- Experience designing and implementing ICT strategy, roadmap, policies, procedures and standards
- Experience with cloud platforms (Preferably AWS)
- Experience with vulnerability mitigation strategies, detection tools, techniques and remediation.
- Experience with security tools, forensic tools, NAC, Antivirus, File Integrity Management, Intrusion Prevention, Network and Application Firewalls, Web Proxy, SIEM and DLP solutions.
- Analytical thinker with ability to partner with management, technical team and external stakeholders to resolve complex security matters and develop policies, processes and guidelines.
- Excellent communicator, detail-oriented with ability to manage shifting and competing priorities.
- Self driven and strongly motivated with an ownership mindset and a can-do attitude.
What We Offer
- Competitive salary plus a quarterly cash bonus
- Annual compensation reviews - we reward great work
- Hybrid working model - allowing you to split your time between in-person collaboration at one of our offices and working remotely
- 21 days of annual leave plus public holidays plus examination leave
- Ongoing investment in you and your skills, incl. full access to over 5,000 online courses
- The right equipment for the job - a choice of MacBook, Windows, or Linux laptop
Report Job
Information Security Engineer
KOKO Networks
Report to WhatJobs
All Direct Job Ads are subject to WhatJobs Terms of Service. We allow users to flag postings that may be in violation of those terms. Job Ads may also be flagged by WhatJobs. However, no moderation system is perfect, and flagging a posting does not ensure that it will be removed.