
Information Security Officer (ISO)

Tiko
1 day ago
On-site

Do you believe information security is about building rigid fortress walls that grind product innovation to a halt, or about architecting intelligent guardrails that allow a global platform to move fast securely? If you are a security leader who prefers pragmatic risk mitigation over dogmatic compliance checklists, we have an ecosystem for you to protect.


About Tiko

Tiko is an African nonprofit committed to strengthening the potential and resilience of adolescent girls across Africa. We address the “Triple Threat” of unintended pregnancy, HIV infection, and sexual and gender-based violence by building local health ecosystems that provide stigma-free, no-cost, quality-assured services.

Our model brings together key local actors: community-based organizations (CBOs) with peer mobilisers who act as health companions to girls; public and private health clinics that deliver care; and retail partners that redeem Tiko Miles, our behaviour-change incentive programme that rewards service uptake and feedback.

We invest in partners by strengthening CBO capacity, training frontline workers and providers, supporting clinic quality improvement, and compensating partners based on performance. Our technology platform connects all actors by enabling referrals, verifying service delivery, facilitating payments, and generating real-time data.

Tiko operates in six countries: Kenya, Ethiopia, Uganda, Burkina Faso, South Africa, and Nigeria, with additional offices in Portugal, the Netherlands, and the United Kingdom. For a clear overview of our work, we recommend watching this short video.


Globally, our team consists of 250+ enthusiastic, international colleagues. Whether you are working from our biggest office in Nairobi, the fast-growing office in South Africa, or from home, our people are young, and our culture is global and dynamic. Our work environment is fast-paced, informal, and friendly.


For this position we will happily accept applicants from South Africa, Kenya, and Portugal.

The Job

We are looking for an Information Security Officer (ISO) to take complete ownership of protecting Tiko’s global digital assets. In this role, you will be the definitive authority on security risk, providing expert guidance to ensure our employees, systems, and third-party partners protect the sensitive data of the communities we serve.

Operating at the intersection of infrastructure, compliance, and emerging technology, you will design and enforce our security frameworks (such as ISO 27001 and NIST) across all active and future markets. You will partner closely with our IT, Engineering, and Privacy teams to embed a culture of security into everything we build—from baseline network defense to advanced AI governance.


Key Responsibilities

Security Architecture, Risk & AI Governance

  • Secure Design: Partner directly with IT and development teams to integrate information security into the architecture of new systems and services from the ground up, promoting secure coding practices throughout the SDLC.
  • Threat Modelling & Risk: Lead comprehensive risk assessments, vulnerability management, penetration testing, and threat modelling to systematically isolate and mitigate technical infrastructure risks.
  • AI & Privacy Alignment: Collaborate with the Privacy team to assess and mitigate security risks associated with emerging AI tools, establishing safeguards that promote the secure, responsible, and compliant use of artificial intelligence.


Infrastructure, Network & Vendor Security

  • Technical Controls: Design, implement, and maintain robust technical measures to safeguard our network, servers, and endpoints (including firewalls, IDS/IPS, anti-malware, and advanced encryption solutions).
  • Supply Chain Security: Oversee information security due diligence for all external vendors, ensuring appropriate security clauses, data protection standards, and SLAs are contractually locked in before onboarding third parties.
  • Postures & Monitoring: Continuously monitor network traffic and system health to detect, isolate, and respond to anomalous or suspicious activities before they escalate.


Incident Response, Compliance & Culture

  • Incident Leadership: Lead the development, simulation, and execution of our incident response plans. When an anomaly or breach occurs, you will coordinate stakeholders, conduct root-cause analyses, and manage regulatory reporting.
  • Framework Compliance: Develop and maintain internal security policies to ensure Tiko remains fully aligned with global cybersecurity frameworks (e.g., ISO 27001, NIST) across diverse regulatory markets.
  • Security Awareness: Design and deliver engaging security awareness training, workshops, and internal communication campaigns to cultivate a proactive, security-first mindset among all staff and contractors.
  • Horizon Scanning: Conduct ongoing threat intelligence gathering to stay ahead of emerging vulnerabilities, zero-day exploits, and changing compliance landscapes.

About You

You are a highly analytical risk strategist who balances technical depth with exceptional diplomacy. You are not the "Department of No"; instead, you are a collaborative problem-solver who finds ways to say "Yes, securely." You are comfortable challenging internal assumptions, communicating complex technical threats clearly to non-technical leaders, and remaining calm, decisive, and authoritative during high-pressure security incidents.

Requirements

  • Proven Expertise: Substantial experience operating in a dedicated Information Security, Cyber Security, or Risk Management capacity, ideally within complex or multi-market digital ecosystems.
  • Framework Mastery: Deep, working knowledge of deploying and auditing leading cybersecurity frameworks (specifically ISO 27001 and NIST).
  • Technical Depth: Practical understanding of network security design, firewalls, IDS/IPS configurations, data encryption standards, endpoint protection, and secure SDLC principles.
  • AI & Privacy Literacy: Familiarity with data protection compliance and emerging security risk models associated with enterprise AI tools.
  • Incident Management: Demonstrable experience creating incident response playbooks and leading root-cause investigations.
  • Language: Fluent written and verbal English communication skills, with a talent for clear, direct documentation.


Recruitment Process

Introductory call with recruiter | First interview with the Legal Manager & Data Architect | Final interview with the CTO


Compensation & Benefits

The gross salary range per month for this position is:

South Africa: R50,374 - R70,000 (x12)

Portugal: €2,382 - €3,500 (x14)

Kenya: Ksh273,679 - Ksh400,000 (x12)


Your final salary will be determined based on your experience and alignment with your future colleagues.


In addition to your monthly salary, we offer you:

  • Benefits and allowances tailored to your location.
  • Flexible work arrangements, including remote or hybrid options.
  • A personal development budget of €500 per year to invest in your professional growth.
  • Unlimited holiday days to use as you see fit - just coordinate with your team and take the time you need to recharge.
  • The opportunity to shape a growing, impactful product and leave your mark on how we work.
  • A culture built on trust - we believe you’ll do your best without the need for unnecessary rules or micromanagement.


The Details

Interested? Click Apply for This Job! Want more information? Check out our website Tiko – Do more with Tiko. We only accept applications through the apply links, not by email.


Important Recruitment Fraud Alert
Please be aware that Tiko maintains a professional and ethical recruitment process.

  • Zero Fees: We do not charge candidates any fees for applications, interviews, or processing at any stage of the hiring journey.
  • Fraud Prevention: If you receive a request for money, bank details, or "onboarding equipment" payments from someone claiming to represent us, this is not a legitimate request.
  • Official Channels: We only communicate through our verified company email domain (@tiko.org).


If you are approached by anyone asking for payment in our name, please ignore the request.


Tiko prioritizes integrity in our workplace and respects your privacy.

Tiko is committed to preventing any type of unwanted behaviour by its employees at work, including sexual harassment, exploitation and abuse, lack of integrity and financial misconduct. This is why we will do reference and background screening checks on successful candidates before hiring. Tiko also participates in the Inter Agency Misconduct Disclosure Scheme. As part of this scheme, we will request information from your previous employers about any findings of sexual exploitation, sexual abuse and/or sexual harassment during your employment, or incidents under investigation when you left employment. By applying for this position, you confirm you have read and understood these recruitment procedures.

We value your privacy and understand the importance of safeguarding your personal data. We invite you to review our privacy notice for the recruitment process to understand how we collect, use, and protect your personal data during the recruitment process. Click here to view the document. By applying for this position, you acknowledge that you have read and understood our privacy notice.