Postes à Gqeberha, United States

Our client is a technology company solving payments problems for businesses. Their mission is to help businesses in Africa become profitable, envied, and loved. They provide a suite of products to help businesses accept payments online and offline, manage their operations, and grow their business. Our client is driven by a commitment to excellence, innovation, and customer satisfaction.

Our client is looking for a well-rounded leader who will be responsible for building the security program and improving our client’s overall security posture. This area is very important to our client as it is a requirement for them to be better positioned to meet the needs of their customers and enables trust with the mission of safeguarding their customers’ assets and data against an evolving landscape of sophisticated global and local threats.

Job Type: Permanent

Location: South Africa

Work Place: Remote

• Experience with information security governance, risk and compliance experience for a global organization
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk
• A strategic business partner with the ability to articulate complex security concepts and risks in business terms to non-technical stakeholders, including the executive team and the board
• Possesses the capacity to effectively lead, manage, and inspire a team, enabling them to achieve both strategic and functional objectives
• Experience developing and publishing company-wide policies, standards, and other governance documents
• Ability to work very well cross-functionally and are able to think rigorously and make hard decisions and tradeoffs
• Ability to demonstrate initiative, operate autonomously, and assume complete responsibility for tasks
• In-depth knowledge of cybersecurity principles, industry standards, frameworks, and best practices
• Ability to manage key customer relationships, including with senior management across business units
• Proven experience scaling a security program in a high-growth, fast-paced technology or fintech environment
• Excellent written and verbal communication skills

Strategy and Compliance:

• Develop and implement a scalable information security strategy aligning with the company’s business objectives.
• Ensure compliance with relevant laws, regulations, and industry standards, including PCI DSS, GDPR, and local Nigerian data protection laws (e.g., NDPR).
• Ensure security architecture can adapt to and support the company’s growth trajectory.
• Educate staff in the organization on the best IT practices and regulatory requirements.
• Work closely with other high-level executives to develop all-encompassing security strategies within the organization’s context and goals.

Risk Management:

• Own and manage the end-to-end security risk management framework.
• Identify, assess, and prioritize security risks across the organization, translating them into a clear risk posture for executive leadership and the board.
• Align security initiatives with the company's defined risk appetite.

Team Management:

• Recruit, mentor, and lead a high-performing, multi-disciplinary security team.
• Foster a culture of continuous learning and development to stay ahead of emerging threats and technologies

Threat Intelligence and Incident Response:

• Establish and mature a robust threat intelligence program to proactively identify, analyze, and mitigate emerging threats, particularly those targeting the African fintech ecosystem.
• Design, operationalize, and regularly test our incident response, business continuity, and disaster recovery plans to ensure organizational resilience.

Security Architecture and Technology:

• Oversee the design of secure systems and review application and infrastructure security architectures, ensuring scalability and adherence to security by design principles.
• Implement proactive security measures and controls to prevent security breaches and minimize potential impact, including managing and implementing various security technologies and tools (e.g., SIEM, IDS/IPS, vulnerability scanners).
• Lead the cloud security strategy, ensuring robust configuration, monitoring, and protection of our client’s cloud infrastructure and services.

Financial Management and Justification:

• Develop business cases that support information security program investments.
• Obtain management support for information security program investments highlighted in the endorsed business cases.
• Manage the security budget and forecast costs.

Communication and Stakeholder Engagement:

• Disseminate the organization's information security goals and objectives to business units and senior management.
• Represent the organization in security-related matters with external parties and stakeholders.
• Manage key customer relationships, including with senior management across business units.
• Influence cross-functional and cross-business units to accomplish strategic goals.

Training and Awareness:

• Design and implement security awareness training programs for all staff.

Metrics and KPIs:

• Develop and track relevant Key Performance Indicators (KPIs) such as incident response times, compliance audit results, and vulnerability management metrics.

Cross-functional Collaboration:

• Work closely with the Engineering team and other technical departments to ensure security is integrated into all development and operational processes.