Information Security Manager

uMhlanga, South Africa

iKhokha

Accept payments securely with iKhokha's card machines and payment solutions. Join now for low pricing and superior service. Grow your business today!


Company Description

iKhokha is one of the fastest-growing fintech companies in Africa. As you'd expect, our pace is fast-moving and ever-changing. We like it that way.
Our office is a high-performance environment where we push each other to challenge the status quo. If that doesn’t appeal to you, you probably shouldn’t work here.

Job Description

We're on the lookout for an experienced Information Security Maestro to join our crew. Your mission? To shield our digital kingdom, create ingenious security strategies, and be the guardian of our data realm.

Purpose of the Role: 

To actively protect the organization’s assets, data, cryptographic tools (including encryption keys) and information systems from threats. These threats could compromise essential operational data, IT infrastructure, compliance posture and sensitive merchant or employee data.

The role also involves continually achieving various attestations of compliance (AoC) from regulatory authorities, including but not limited to the Payment Card Industry (PCI) and VISA, while maintaining best practice in accordance with regulatory authorities such as but not limited to the POPI Act.

The Deal Breakers

  • 7+ years’ experience as an ISO
  • 7+ years’ experience in PCI Data security standards
  • 7+ years’ experience in PCI PIN and Key encryption and management of keys
  • 3+ years’ experience in POPIA compliance

What does the role entail? (Areas of responsibilities):

Information Security

  • Manage, monitor, and report on the Network Operation Centre (NOC).
  • Manage, monitor, and report on the Security Operation Centre (SOC).
  • Head major investigations and responses to critical events that impact the organisation.
  • Manage the selection, testing, deployment and maintenance of security related software products and tools.
  • Software Change Request (SCR) and Network Change Request (NCR) approval.
  • Develop, implement, and amend process, procedures, and policies to ensure correct and secure usage of all Information Security systems.

Compliance and Best practice Requirements

  • Assess risk and conduct root cause analysis to recommend, implement and/or design new features and functionalities to support payments & information security compliance initiatives.
  • Manage implementation of any new payments & information security compliance requirements for existing or new needs.
  • Manage all evidence collection activities relating to payments & information security compliance.
  • Coordinate with all business units and the enterprise to obtain and validate evidence required for payments & information security compliance and assessments.
  • Incrementally improve the evidence collection process and streamline evidence collection procedures.
  • Regularly communicate PCI DSS, PCI PIN, PCI MPOC and POPI requirements, and the status of PCI DSS, PCI PIN, PCI MPOC and POPI compliance, to related business units and Exco.
  • Communicate regularly with assessors and adjust the payments & security compliance program as needed.
  • Coordinate with company and vendor SMEs to ensure adherence to program requirements.
  • Manage relationship of payments & security compliance needs in conjunction with needs of the Product team.
  • Challenge and validate assessment decisions from both internal business units as well as external partners/vendors.
  • Build and manage an ongoing Cybersecurity awareness training program to cater for various business units’ compliance requirements.
  • Develop, implement, and amend process, procedures, and policies to ensure compliance and best practice is reached and maintained.

Physical Security

  • Develop, implement, and amend policies to ensure the physical safety of all visitors, employees, and customers.
  • Safeguard the property and assets of the organization (i.e., equipment, stock, building, storage).
  • Monitor the correct implementation of the organization's security equipment and protocols: alarm system, CCTV, access control, access rights and time zones, arming and disarming of alarm system, alarm activations and armed responses.
  • Simulate security breaches to test the infrastructure, policies and procedures and provide remedies for any shortfalls.
  • Manage the selection, testing, deployment and maintenance of security hardware and software products as well as outsourced arrangements.
  • Take appropriate actions to ensure staff are properly trained on security and security systems and informed on compliance requirements while being well equipped to manage potential issues or breaches.

Information Technologies

  • Managing custodian of Microsoft 365 (encompassing online services such as Outlook.com, OneDrive, SharePoint, Microsoft Teams, other Microsoft programs).
  • Manage the selection, testing, deployment, and maintenance of Information Technologies related software products and tools.
  • Develop, implement, and amend policies, processes, and procedures to enable business needs and to ensure Information Technology systems and tools are handled and used in a compliant/best-practice manner.
  • Approve user access rights to Information technologies related software products, tools, services, and sensitive data.
  • Network Change Request (NCR) and Software Change Request (SCR) approval.
  • Manage relationship with outsourced and in-house IT team members.
  • Assist with high-level ticketing queries from outsourced and in-house IT team members.

Qualifications

  • Certified ISO/IEC 27001 Lead Implementer
  • ISO 31000:18 Corruption & Fraud Risk Management
  • Security Expert certification NSE 1 and 2
  • Certified Information Systems Security Professional (CISSP) certification would be advantageous.
  • Certified PayShield Systems Engineer would be advantageous.

Additional Information

Perks of joining the Tribe?

  • You get to work in a high growth company. Sink your teeth into meaningful work with tangible results you are accountable for.
  • Hybrid, remote and in office work models.
  • Remuneration & Benefits. We offer company contributions to Medical Aid and a group risk scheme.
  • Visionary leadership.
  • Study leave.
  • Access to on demand learning and development.
  • A friendly, collaborative culture and a team of all-round-lekker humans (it’s true, we surveyed our employees and they told us so).
  • If you find yourself at HQ, coffee on tap and a selection of hot beverages provided by our onsite Barista.

Tags: CISSP, Compliance, Encryption, FinTech, IT infrastructure, PCI DSS, Risk management, SharePoint, SOC

Perks/benefits: Career development, Gear, Medical leave, Startup environment, Team events

Region: Africa
Country: South Africa
Category: Leadership Jobs
