Information Security Analyst at VeriTran

Harare, Harare, Zimbabwe -

Full Time

Start Date

Immediate

Expiry Date

24 Dec, 25

Salary

0.0

Posted On

25 Sep, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information Security, Cybersecurity, Risk Management, Security Operations, Incident Response, Governance, Policy Development, Vulnerability Management, Scripting, Linux Administration, Secure Coding, Log Analysis, Analytical Skills, Problem Solving, Compliance, Audit Support

Industry

Financial Services

Description

Company Description Our Vision To modernise African banking by creating world-class, inclusive, and affordable financial ecosystems across Sub-Saharan Africa. We unlock new value for institutions through agile transformation, resilient digital cores, and next-gen delivery frameworks. Our Mission ZSS operates at the forefront of fintech innovation and managed services. We deliver intelligent automation, frictionless transaction capacity, and distributed trust models that enable banks to thrive in a digital-first economy. By combining agile practices, secure-by-design engineering, and adaptive compliance, we empower financial institutions to move faster, stay resilient, and scale with confidence. For ambitious professionals, ZSS offers the chance to shape transformative projects that push the boundaries of how financial services are imagined and delivered. Job Description Reporting directly to the Chief Information Officer, the Information Security Analyst is responsible for building, operating, and continuously improving the organisation’s enterprise information security and cyber resilience technical programme. This role combines governance and compliance with technical, hands-on security operations. The Information Security Analyst ensures alignment with National Payment Systems Cybersecurity Framework, PCI-DSS, ISO 27001, and other applicable standards and directives, while actively defending and monitoring critical systems. Key Responsibilities 1. Governance & Policy Develop and maintain the enterprise information security strategy, standards, and policies. Ensure alignment with NIST and NPS Cybersecurity Frameworks. Drive staff awareness programmes and enforce security baselines. 2. Risk Management Lead recurring cybersecurity risk assessments and maintain an actionable risk register. Identify and communicate risks to executive leadership and Risk & Compliance. Manage third-party/outsourcing risk controls. 3. Security Operations (Hands-On) Actively monitor, parse, and triage logs across servers, firewalls, SIEM, and applications. Write and maintain scripts (bash, Python, PowerShell, regex) to filter, correlate, and analyse data. Lead vulnerability scanning, penetration testing coordination, and remediation tracking. Tune SIEM rules, alerts, and dashboards for actionable intelligence. Support secure coding practices, review application security outputs, and guide developers on remediation. 4. Incident Response Lead security incident investigations: containment, forensics, root cause analysis. Coordinate breach notification and reporting with regulators and stakeholders. Maintain and test the Cybersecurity Incident Response Plan. 5. 3rd Party Liaison Act as a company representative in the role of cybersecurity officer. Maintain evidence of compliance for Third Party Security Assessments, Accreditations and and Audits. Provide clear risk and compliance reports to the Board. 6. Team Engagement Participate in cross-domain and multi-stakeholders projects to ensure secure-by-design/defence-in-depth approaches. Build capacity through training, technical exercises, and knowledge transfer. Coordinate with stakeholders to embed security controls. 7. Audit & Assurance Support all internal/external audits (TPSA, ITGC, PCI, ISO). Close audit findings with documented evidence and root cause fixes. Qualifications Required Skills & Qualifications Education: Batchelor of Science degree (2:1 or equivalent) in Information Security, Computer Science, or equivalent industrial experience. Certifications: CISSP, CISM, ISO 27001 LA, OSCP, or equivalent (advantageous but not a substitute for skills). Experience: Minimum 2–4 years in technical roles, ideally in banking, payments, or regulated industries. Core Skills: Strong Linux/Unix administration skills. Proficiency in scripting (bash, Python, PowerShell). Regex fluency and log analysis across SIEM, syslog, and application stacks. Secure coding principles and ability to critique/review methodologies and output Proven incident response and analysis experience. Understanding of OSI Stack, network security, firewalls, IDS/IPS, and vulnerability management. Essential Attributes Analytical mindset with strong problem-solving skills (must be able to read, parse, and make sense of data). Practical approach: able to operate with limited tools and resources. High personal integrity and accountability: role involves direct regulator engagement. Comfortable switching between high-level governance and low-level technical work. Additional Information This position is a permanent, full time position based in our offices in Harare, Zimbabwe. Please ensure you are eligible to live and work in that location before applying. We're looking for the best technical skills in the country and offer a package unrivalled to attract the very best.

Responsibilities

The Information Security Analyst is responsible for building, operating, and continuously improving the organization’s enterprise information security and cyber resilience technical program. This includes governance, compliance, and hands-on security operations to defend and monitor critical systems.