Daystar Power Group is a Pan-African provider of solar and hybrid power solutions, offering its systems on a Power Purchase Agreement (PPA), fixed monthly fee lease or buy-out basis. All our solutions are accompanied by comprehensive maintenance services, to ensure the solutions run 365 days a year. We are currently operational in seven countries including Nigeria, Ghana, Togo, Senegal, Ivory Coast, South Africa and Tanzania.
We are looking to engage a competent and experienced Business Information Security Officer (BISO) whose principal responsibility would be to ensure that Daystar IDT stays in control of information risks and compliance, even as we enable business opportunities, while empowering Daystar’s workforce to have security in their DNA as we continuously improve the basic security of our digital landscape from the Lagos, Nigeria office.
We are seeking a hard-working, self-motivated, and well-organized individual with a focus on continuous improvement to exceed expectations.
Daystar Power Group is an equal opportunity employer, committed to promoting diversity and inclusion in the workplace. We prohibit all forms of discrimination and harassment based on race, colour, gender, religion, sexual orientation, national origin, disability, genetic information, pregnancy or any other characteristic protected by federal, state or local law.
The BISO is responsible for all IT Governance, Risk, Compliance and Assurance.
The BISO is the Daystar cyber and information security lead responsible for:
- Interfacing with Group CyberDefense Team when an incident occurs, managing the incident to closure, in order to protect Daystar’s landscape (systems, networks, and data) from cyber threats.
- Single point of contact for control, compliance and operations risk.
- Ensure IRM activities (e.g. risk acceptance, vulnerability, IRM projects, compliance status) are visible and actioned across Daystar. Provide reporting for Daystar Business and IDT leadership, facilitate review and escalation, and drive implementation.
- Design and own Daystar Control and Compliance reporting & dashboard.
- Drive change and implement simplification including elimination.
- Drive gamification approach for Compliance and Control.
- Lead Daystar Think Secure Champions network.
- Act as Operational Readiness Framework Lead/Focal Point for Daystar.
- End-to-end accountable for the coordination and timely execution of outbound assurance to customers, partners and regulatory bodies.
- Work hand in hand with other BISOs, IDT community and business orchestrating execution of outbound assurance queries from customers, partners and regulatory bodies.
- Provide internal Assurance Services (incl. Testing): perform end-to-end compliance testing on controls put in place to minimise risk, and conduct focused risk reviews and process walkthroughs for IT applications/processes to identify unmitigated risks.
Requirements
- Bachelor’s/Master’s degree in ICT, Electrical/Electronic Engineering and Computer Science. Candidates with degrees in other subjects but with strong hands-on domain achievements and relevant certifications in the areas listed above are also acceptable.
- The Business Information Security Officer is expected to have relevant skills and experience in at least the domains of Information Risk Management and IT Ops.
- At least 5 years in Information Risk Management and IT Operations.
- Certifications (one or more is desired): PCIP, CISSP, CISM, CISA, CCSP, CRISC, ISO 27001.
- Proficiency in the use of the following tools is a strong additional advantage: Power Apps and Power BI.
- Excellent understanding of Information Risks Management processes and frameworks covering risk management, project risk engagement, project assurance and audit & compliance management.
- Knowledge of Cyber Ops concepts. Good understanding of technical vulnerabilities and the ability to recommend remediations.
- Experience in conducting and communicating security evaluations and communicating cyber risk impacts and consequences to all levels of stakeholders.
- Proven ability in balancing IT control and compliance requirements/needs/standards in terms of risk, affordability and feasibility for the IT operation teams.
- In-depth understanding of, and solid experience with, IRM and its impact on application development and IT operations as well as the IT infrastructure.
- In-depth understanding of IT Operations and the challenges in delivery of reliable and secure solutions.
- Understanding of the principles and practices involved in development and maintenance of the business IT applications.
- Detailed knowledge of Information Security developments and practices.
- Demonstrates good practical knowledge of wide areas of IS concepts and practices.
- Strong awareness of the evolving threat landscape and the main vulnerabilities and other weaknesses that IT solutions must avoid.
Benefits
- Opportunity to work in a forward-looking, innovative company, with an international group of colleagues.
- Unlimited career opportunities - depending on achievements and personal development.
- A competitive salary and benefits package with long-term prospects in a fast-growing company.