Chief Information Security Officer
Ouagadougou, Ouagadougou, Burkina Faso
Full Time
Manager/Supervisor
Job Summary
As CISO, you are the owner of information security, data protection, cyber risk and regulatory compliance for the company’s mobile installment business in Burkina Faso. R&D work will be undertaken by the headquarters R&D team; your core role is to master local security and data protection regulations, assist the headquarters R&D team in security deployment, and ensure that data security, network security, system security and other aspects fully meet SDF licensing and strict local regulatory requirements. You will be responsible for building and implementing the local security compliance system to protect customer data and business operations.
Key Responsibilities
- Regulatory Compliance & Security Policy
  - Maintain proficiency in Burkina Faso’s information security and data protection regulations, including CIL, ARCEP, WAEMU/BCEAO, and other relevant financial security norms, and interpret these requirements for the headquarters R&D team.
  - Develop and enforce local information security policies, standards and procedures aligned with SDF license requirements, CIL and international standards (ISO 27001), covering data protection, network security, access control, etc.
  - Prepare and submit security compliance materials required by regulators, respond to security audits, and ensure that the company’s security work meets regulatory requirements.
- Coordination with Headquarters R&D Team on Security Deployment
  - Communicate local security and regulatory requirements to the headquarters R&D team, provide security guidance for system R&D and deployment, and ensure that security controls are embedded in the system design and deployment process.
  - Review the security solutions, data encryption schemes and network security architectures proposed by the headquarters R&D team, confirm that they meet local regulatory requirements, and propose modifications where necessary.
  - Assist the headquarters R&D team in security testing, vulnerability rectification and security deployment in Burkina Faso, and ensure that the deployed system meets local security standards.
- Data Protection & Privacy
  - Oversee the protection of customer PII and financial data, and coordinate with the headquarters R&D team to implement encryption (data at rest/in transit), tokenization, data retention and secure disposal measures in line with CIL requirements.
  - Manage user consent, data access rights and cross-border data transfer controls, and ensure that all data processing activities comply with local laws.
- Cyber Risk Management & Assessment
  - Conduct regular cyber risk assessments, vulnerability scans and penetration tests on the deployed systems, mobile app, APIs and internal networks, and coordinate with the headquarters R&D team to rectify potential vulnerabilities.
  - Identify and manage security risks such as fraud (application/identity), account takeover, data leakage and ransomware, and work with the headquarters R&D team to implement prevention and control measures.
- Incident Response & Security Awareness
  - Develop and test incident response playbooks (data breach, ransomware, fraud), lead the local team in responding to security incidents, and coordinate with the headquarters R&D team for disposal and reporting.
  - Deliver regular security training to local staff, agents and partners, and build a security culture aligned with regulatory requirements and financial services best practices.
- Regulatory Reporting & Stakeholder Communication
  - Serve as the primary security contact for local regulators (ARCEP, CIL, WAEMU/BCEAO) and SDF auditors, and submit required security reports and compliance evidence.
  - Report security risks, compliance status and incident handling results to the CEO/Board and headquarters team regularly.
- Bachelor’s degree in Cybersecurity, IT or Computer Science; CISSP/CISM/CISCA or equivalent certification is mandatory.
- 6+ years information security leadership experience in fintech/financial services, with in-depth understanding of mobile lending/installment business security risks; experience in Francophone West Africa is a strong plus.
- Proficient in Burkina Faso’s CIL data protection law, ARCEP, WAEMU/BCEAO financial security regulations, and experience in security compliance for licensed financial institutions or SDF-level entities is preferred.
- Familiar with security technologies such as SIEM, IAM, encryption, DLP, vulnerability management and incident response, and experience in coordinating with remote R&D teams for security deployment.
- Experience in anti-fraud, AML and customer data protection for mobile financial services.
- Fluent in English & French (mandatory for communication with regulators and headquarters).
- Resident in Burkina Faso or willing to relocate (SDF license requirement).
- Prior experience as CISO/security lead for an SDF or licensed consumer finance institution in Burkina Faso.
- ISO 27001 lead auditor, PCI-DSS or AML certification.
- Established relationships with local regulators (ARCEP, CIL) and cybersecurity authorities.