Job Profile and Responsibilities
ExpressCredit is a global consumer finance company operating in Zambia and three surrounding countries, including Namibia, Botswana, and Lesotho.
We operate a multi-channel lending platform for private and government sector employees underserved by mainstream financiers. As a good corporate citizen, our goal is to help people in need of short-term and long-term financial assistance – all of which make a meaningful and lasting impact on the local communities.
ExpressCredit is a game-changer and one of the fastest microlenders in the country. A combination of new technologies, mobile sales, and a network of branches and direct sales positions us well for growth and building a sizeable, well-performing loan portfolio. We are looking for a suitably qualified, competent, and highly motivated professional based in Lusaka to fill the position of Information Security Officer.
Responsibilities
- Develop, implement, and enforce information security policies and procedures to align with business objectives and regulatory requirements.
- Conduct security risk assessments to identify, analyse, and mitigate potential security risks in IT infrastructure, applications, and third-party services.
- Manage and improve the organization’s security awareness program, including phishing campaigns, training, and educational initiatives.
- Monitor, analyse, and respond to security events and alerts in SIEM and other security platforms.
- Investigate security incidents, coordinate response efforts, and drive root cause analysis to prevent recurrence.
- Collaborate with management, IT, compliance, and legal teams to ensure security requirements are embedded across business processes.
- Conduct internal and external security audits, ensuring compliance with best practices and regulatory mandates.
Requirements:
- Previous experience in a similar role managing security governance, risk, and compliance.
- Strong expertise in information security governance and risk management frameworks.
- Proven experience in risk assessment methodologies, security controls, and compliance audits to evaluate and mitigate potential threats.
- Deep understanding of cybersecurity attack vectors, vulnerabilities, and threat landscapes, along with practical strategies for mitigation.
- Hands-on experience in policy development and implementation of security policies, procedures, and security awareness programs in a corporate environment.
- Experience conducting security risk assessments for IT systems, third-party vendors, and cloud environments.
- Ability to educate a nontechnical audience about various security measures.
- Operational experience with key security technologies, including:
  - i) Endpoint Protection Systems
  - ii) Vulnerability Management Systems
  - iii) Security Information and Event Management
  - iv) Cloud security platforms
- Excellent organizational, analytical, and communication skills with the ability to work collaboratively across departments.