Kifiya Financial Technologies
About the Job
Location:
Addis Abeba
Department:
CISO
Reports To:
Chief Information Security Officer
About Kifiya:
Kifiya is an AI-powered financial and market infrastructure company advancing inclusive economic growth across Africa. We design and deploy risk decisioning systems, intelligent financial infrastructure, and market linkage platforms that unlock credit, insurance, payments, and capital access for MSMEs and smallholder farmers. We build the AI, data, and financial infrastructure that helps financial institutions serve hard-to-finance segments at scale.
Business Unit Description
The CISO Unit safeguards Kifiya’s enterprise systems, AI-driven financial infrastructure, data assets, internal technology stack, and digital transformation programs.
The unit ensures enterprise-wide protection, operational continuity, regulatory compliance, secure architecture design, and automation governance aligned with global best practices and financial sector standards.
Position Summary
The Head of Cyber Security leads the operational execution of Kifiya’s enterprise cyber defense program. The role translates the enterprise cyber risk strategy defined by the Chief Information Security Officer into operational security controls, monitoring capabilities, and incident response readiness across the organization’s digital infrastructure.
The Head oversees the Security Operations Center, vulnerability management program, threat detection capabilities, and cyber defense engineering functions. The role ensures the protection of Kifiya’s financial systems, artificial intelligence platforms, cloud environments, data infrastructure, and digital capital market systems.
This position also ensures the implementation of Zero Trust security architecture, secure development lifecycle integration, identity security enforcement, and continuous threat monitoring across the enterprise technology ecosystem.
Key Responsibilities
Cyber Security Operations Leadership
Lead the enterprise cyber defense capability responsible for protecting financial infrastructure, artificial intelligence systems, cloud environments, and enterprise applications.
Oversee the Security Operations Center responsible for real-time monitoring, threat detection, and incident triage.
Ensure continuous monitoring coverage across all critical enterprise systems, applications, and infrastructure.
Define and enforce operational cyber defense procedures and escalation protocols.
Ensure operational readiness to detect and respond to advanced persistent threats targeting financial technology infrastructure.
Threat Detection and Incident Response
Establish detection capabilities across network, cloud, endpoint, and application layers.
Oversee investigation and response to cyber incidents including malware, phishing, credential compromise, data exfiltration attempts, and infrastructure intrusion.
Coordinate cross-functional response during cyber security incidents impacting enterprise operations.
Ensure post-incident forensic analysis and lessons-learned documentation.
Maintain incident response readiness through simulation exercises and red team testing.
Vulnerability and Exposure Management
Establish an enterprise-wide vulnerability scanning and exposure assessment program.
Oversee vulnerability remediation across infrastructure, applications, and cloud environments.
Define vulnerability prioritization frameworks based on enterprise risk exposure.
Ensure remediation of critical vulnerabilities within defined service level thresholds.
Track vulnerability remediation performance and report exposure metrics to the CISO.
Infrastructure and Cloud Security Enforcement
Ensure implementation of enterprise security controls across cloud platforms, networks, and server infrastructure.
Oversee security configuration of firewalls, web application firewalls, endpoint protection platforms, and intrusion detection systems.
Ensure secure deployment and configuration of cloud environments supporting financial and artificial intelligence platforms.
Validate infrastructure security compliance with enterprise architecture standards.
Identity and Access Security
Ensure enforcement of Identity and Access Management controls across all enterprise systems.
Ensure mandatory multi-factor authentication across critical platforms and privileged access accounts.
Monitor identity governance frameworks to prevent unauthorized system access.
Ensure continuous monitoring of identity compromise risks and suspicious authentication patterns.
Secure Software Development Integration
Ensure integration of security controls into the software development lifecycle.
Ensure application security testing processes are embedded within development pipelines.
Define application vulnerability remediation protocols.
Work closely with engineering teams to prevent security vulnerabilities within production systems.
Security Monitoring and Intelligence
Oversee enterprise threat intelligence monitoring to identify emerging threats targeting financial platforms and artificial intelligence systems.
Ensure integration of threat intelligence feeds into detection systems.
Monitor indicators of compromise across enterprise infrastructure.
Continuously improve detection rules and threat hunting capabilities.
Security Metrics and Operational Reporting
Define cyber security operational performance indicators.
Report cyber defense performance metrics to the CISO.
Maintain operational visibility of security incidents, vulnerabilities, and threat activity.
Produce regular security posture reports for executive review.
Security Program Implementation
Implement enterprise cyber security initiatives defined by the CISO.
Support internal and external cyber security audits.
Ensure implementation of enterprise cyber security policies and standards.
Coordinate security remediation programs across technology teams.
Key Outputs
Cyber Defense Operations
Vulnerability and Exposure Management
Identity and Infrastructure Protection
Security Monitoring and Threat Intelligence
Cyber Security Governance
About You
Qualifications and Experience
Bachelor’s or Master’s degree in Cybersecurity, Information Security, Computer Science, or a related discipline.
Minimum of ten to twelve years of cybersecurity experience, including leadership of security operations or cyber defense teams.
Experience securing financial services platforms, fintech infrastructure, or regulated digital financial environments.
Experience managing Security Operations Center capabilities and incident response teams.
Experience implementing Zero Trust architecture, cloud security controls, and secure development lifecycle practices.
Professional certifications such as CISSP, CISM, or equivalent are preferred.
Core Competencies
Cyber security operations management
Threat detection and incident response
Vulnerability management frameworks
Cloud and infrastructure security
Identity and Access Management
Security monitoring platforms
Secure development lifecycle integration
Threat intelligence analysis