Information Security Engineer

Engineering /
/ Hybrid
About KOKO Networks
KOKO Networks is a venture-backed climate-tech company with 1,700+ employees across East Africa, India, and the United Kingdom. Our mission is to imagine and deliver technology that improves life in the world’s fastest growing cities. We offer a fast-paced and highly collaborative work environment with significant opportunities for professional growth.  Our core lines of business currently include: (1) KOKO Fuel, an ultra-clean liquid bioethanol cooking fuel solution delivered via a network of smart fuel ATMs and leveraging existing downstream liquid fuels infrastructure; (2) KOKO Climate, which retails the emissions reductions that occur from switching households from deforestation-based charcoal to KOKO Fuel; and (3) KOKO Retail, a tech-enabled, direct-to-consumer, instant fulfillment retail platform operated in partnership with neighborhood retailers. In 2021, KOKO was selected as the world’s leading emerging markets climate technology solution by FT/IFC.

Your Role

As Information Security Lead, you will be responsible for the information security and risk management program. You will be primarily responsible for the design, implementation, management, and operations of security controls and systems to protect the confidentiality, integrity, and availability of KOKO’s information assets and improving our cyber-maturity. You will also lead risk assessments, develop, improve and implement security policies, procedures and standards aligned to best practices. Technically, you will develop the Infosec roadmap in consultation with the Head of ICT and Infosec, design technical infosec controls and own the vulnerability management program. You will work collaboratively and effectively with executives and other departments including product, operations, software engineering as well as 3rd party vendors and organisations to meet KOKO’s security objectives.

What you will do

    • Work closely with KOKO’s global business units, including product and software engineering, and country based ICT teams to Implement Infosec governance, security controls  and risk management programs adhering to best practices.
    • Ensure confidentiality, integrity and availability of services by owning aspects of Information security, risk management, technical controls, threat modeling and compliance to infosec policies.
    • Establish safeguards by creating disaster preparedness protocols, conducting preparedness tests, monitoring security tools and leading Incident management activities.
    • Design and develop the information security strategy and own the Information security program.
    • Provide supervisory and leadership support to IT security Officers and In-house SOC Analysts
    • Identify opportunities to improve risk posture, develop solutions for mitigating Infosec risks and processes for assessing the residual risk.
    • Review and improve Infosec controls, policies, standards, processes and frameworks and monitor compliance with the approved policies and procedures.
    • Lead security audits and data protection Initiatives, conduct vulnerability assessments and penetration testing, manage remediation efforts and track the closure of deficiencies. 
    • Provide Infosec related technical support in our software development lifecycle and enforce best practices including code reviews, and automated testing in the DevOps pipelines.
    • Identify, recommend new security architecture plans and designs, implement security controls and deliver or facilitate training for secure software coding practices to software developers.
    • Define Information security blueprints and provide guidance to departments and country based IT Operation teams, in order to standardize KOKO’s enterprise wide security and ensure consistency.
    • Provide Infosec related technical support in our software development lifecycle and enforce best practices including code reviews, and automated testing in the DevOps pipelines. 
    • Manage the ICT Information security budget.

What You Will Bring to KOKO

    • University degree in relevant fields like Information Technology, engineering or cyber security 
    • 6+ years of experience in a similar role, with a demonstrated track record of success
    • Practical understanding of Infosec, risk and compliance standards, frameworks and best practices. A professional certification is an added advantage (e.g CISSP, CISA, CISM, CRISC, ISO 27001)
    • 3+ years of management experience building, leading and mentoring Infosec or technology teams and comfortable working in a fast-paced and highly collaborative team environment.
    • General understanding and knowledge of regulatory requirements, security concepts, Information security governance, data protection and privacy laws and regulations.
    • Hands-on leader who is technically savvy and can balance best practice with pragmatism
    • Experience designing and implementing ICT strategy, roadmap, policies, procedures and standards 
    • Experience with cloud platforms (Preferably AWS)
    • Experience with vulnerability mitigation strategies, detection tools, techniques and remediation.
    • Experience with security tools, forensic tools, NAC, Antivirus, File Integrity Management, Intrusion Prevention, Network and Application Firewalls, Web Proxy, SIEM and DLP solutions.
    • Analytical thinker with ability to partner with management, technical team and external stakeholders to resolve complex security matters and develop policies, processes and guidelines.
    • Excellent communicator, detail-oriented with ability to manage shifting and competing priorities.
    • Self driven and strongly motivated with an ownership mindset and a can-do attitude.

What We Offer

    • Competitive salary plus a quarterly cash bonus
    • Annual compensation reviews - we reward great work
    • Hybrid working model - allowing you to split your time between in-person collaboration at one of our offices and working remotely
    • 21 days of annual leave plus public holidays plus examination leave
    • Ongoing investment in you and your skills, incl. full access to over 5,000 online courses
    • The right equipment for the job - a choice of MacBook, Windows, or Linux laptop

KOKO is committed to gender and racial diversity in the workplace. We encourage candidates of all backgrounds to apply!