Information Security Compliance Specialist at Mukuru

An exciting opportunity exists for an Information Security Compliance Specialist to join the Mukuru Team 

The information security specialist supports the information security team in implementing the Mukuru information security programme and privacy programme to improve, maintain and assess security measures across the business.

Reporting directly to the head of information security, this role is to ensure security controls are implemented and managed across Mukuru’s production application stack and infrastructure to improve the overall security posture while maintaining the security integrity of the Mukuru brand.

This role suites a technically inclined individual who enjoys interacting with people and is self-driven with interest in problem solving.

You will function as an analyst to interrogate processes across the company as well as implement security measures, drive compliance, improve security hygiene and resolve issues by responding to IT threats and vulnerabilities. Key duties include managing various security registers across the environment as well dealing with 3rd party due diligence assessments.

You will maintain controls to protect unauthorized access, disclosure, modification, and deletion of Mukuru’s information, resources and networks. You have an eye for detail and are always looking to improve Mukuru’s overall security position. This includes conducting routine security risk analysis, balancing business needs against best practice, monitoring vulnerabilities and record and mitigate risk.

Duties and Responsibilities (Include but is not limited to):

• Maintaining the information security management system
• Supporting the Data Protection Program
• Build and review secure procedures, operational guidelines, policies and standards.
• 3rd Party Risk management
• Maintain security and privacy registers.
• Perform Data Privacy Impact Assessments
• Carry out audits on IT procedures, systems and networks.
• Identify potential areas of risk that need to be addressed.
• Implement SOPs where required.
• Maintain tight access controls across the business.
• Process hardening and upliftment.
• Incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.
• Resolve audit findings.
• Compile ad-hoc reports on security focus areas
• Attend all required training and courses.
• Recognised industry certifications such as CISSP, ISSAP, CISM, ISO 27001, OSCP, CEH
• Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behaviour.
• Investigate security breaches, including root cause investigations.
• Maintain current knowledge of cyber security incidents and trends.
• Keep up to date with the latest industry trends, tools and standards.
• Research new technologies and approaches in order to ensure best practice is applied.
• Identify innovative approaches to ensure world-class security measures are in place.
• Gather all IT security statistics.
• Compile accurate monthly reports and submit to Head of Information Security
• Attend KPI meetings and 1on1s.
• Maintain knowledge of legislative and industry security requirements

Key Requirements:

• Grade 12 or equivalent (Essential)
• Tertiary qualification in computer science or related field (Essential)
• 4+ years’ experience in IT systems security (Essential)
• IT operations
• DevOps or DevSecOps
• Banking/fintech background favourable
• Knowledge of IT systems and network security
• Knowledge of Cloud Platform security
• Container security
• Software security
• Vulnerability scanners, Anti-malware, EDR, etc
• Frameworks such as ISO27001, BSIMM,

Additional Skills:

• Multitasking skills
• Computer skills
• Attention to detail.
• Analytical skills
• Report Writing
• Ability to work fully independently.