Information Security Officer

ExpressCredit is a global consumer finance company operating in Zambia and three surrounding countries, including Namibia, Botswana, and Lesotho.

We operate a multi-channel lending platform for private and government sector employees underserved by mainstream financiers. As a good corporate citizen, our goal is to help people in need of short-term and long-term financial assistance – all of which make a meaningful and lasting impact on the local communities. Express Credit is a game-changer and one of the fastest microlenders in the country. A combination of new technologies, mobile sales, and a network of branches and direct sales positions us well for growth and building a sizeable, well-performing loan portfolio.

We are looking for a suitably qualified, competent, and highly motivated professional based in Lusaka to fill the position of Information Security Officer to safeguard the organization’s IT infrastructure, data, and systems by implementing security policies, identifying risks, and ensuring compliance with industry standards.

Responsibilities

• Develop, implement, and enforce information security policies and procedures to align with business objectives and regulatory requirements.
• Conduct security risk assessments to identify, analyse, and mitigate potential security risks in IT infrastructure, applications, and third-party services.
• Manage and improve the organization’s security awareness program, including phishing campaigns, training, and educational initiatives.
• Monitor, analyze, and respond to security events and alerts in SIEM and other security platforms.
• Investigate security incidents, coordinate response efforts, and drive root cause analysis to prevent recurrence.
• Collaborate with management, IT, compliance, and legal teams to ensure security requirements are embedded across business processes.
• Conduct internal and external security audits, ensuring compliance with best practices and regulatory mandates.

Requirements:

• Previous experience in a similar role managing security governance, risk, and compliance
• Strong expertise in information security governance and risk management frameworks.
• Proven experience in risk assessment methodologies, security controls, and compliance audits to evaluate and mitigate potential threats.
• Deep understanding of cybersecurity attack vectors, vulnerabilities, and threat landscapes, along with practical strategies for mitigation.
• Hands-on experience in policy development and implementation of security policies, procedures, and security awareness programs in corporate environment.
• Experience conducting security risk assessments for IT systems, third-party vendors, and cloud environments.
• Ability to educate a nontechnical audience about various security measures.
• Operational experience with key security technologies, including:
  i) Endpoint Protection Systems
  ii) Vulnerability Management Systems
  iii)Security Information and Event Management
  iv)Cloud security platforms
• Excellent organizational, analytical, and communication skills with the ability to work collaboratively across departments.

Qualification

•  Bachelors Degree in IT or any related field.
• 3 years of demonstrated experience in a similar role and in related field
• preferably in a Micro Finance institution
•  Problem-solving and decision-making abilities.
• Exceptional analytical skills and a good eye for detail.
• Ability to cope under pressure and Stress management skills.
•  Good planning and organization skills
•  Good communication and presentation skills
•  Holder of a valid driving license