
Hobbiton Technologies Limited

IT Security Officer

Full time, On-site, Lusaka

Required skills

Endpoint protection, risk assessment, IT, information security, PCI DSS, payment systems, ISO 27001, APIs, penetration testing, communication, SIEM, CompTIA Security+, encryption, firewalls, fintech partnerships, CISA, CISSP, security, transaction security, CISM, BOZ guidelines, data protection, IDS/IPS

About the role

Hobbiton Technologies is a proudly Zambian-owned fintech company that develops cutting-edge software for the insurance, capital markets, and payments sectors. We power innovation through technology that simplifies how businesses and individuals manage money, invest, and transact.

Our ecosystem includes:

Patumba – a digital savings and investment platform designed to help individuals grow and manage their wealth.
Lipila Later – a solution that enables businesses and lenders to automate loan applications, tracking, and repayments with ease.
Lipila Payment Gateway – a robust platform that allows businesses to seamlessly collect and disburse funds.
Digital insurance platforms such as Inshuwa and Gari, complemented by agent and broker portals that deliver end-to-end solutions for both insurers and customers.

At Hobbiton, we believe in transforming ideas into reality, the smart way. Our culture is dynamic, forward-looking, and built for innovators who want to shape the future of digital finance in Zambia and beyond. To know more about us, click on the following link: https://hobbiton.tech/

The Opportunity

Hobbiton is seeking a highly skilled, vigilant, and results-driven Information Security Officer to safeguard our digital ecosystem and financial platforms. Based at our Head Office in Lusaka, this role is ideal for a seasoned cybersecurity professional with strong experience in fintech or regulated environments, who is passionate about protecting systems, mitigating cyber and fraud risks, and ensuring compliance with industry and regulatory standards.

If you currently reside in Lusaka or are willing to self-relocate, this is your opportunity to play a critical role in securing cutting-edge fintech solutions that power Zambia’s digital financial ecosystem.

What You Will Do

Security Monitoring and Protection

Continuously monitor IT systems, networks, and payment platforms for vulnerabilities and threats.
Implement and manage security tools such as firewalls, IDS/IPS, SIEM, and endpoint protection.
Proactively detect and mitigate threats including malware, ransomware, phishing, and unauthorized access.

Financial Systems and Transaction Security

Secure digital payment systems, APIs, and transaction flows.
Ensure integrity, authenticity, and traceability of financial transactions.
Support fraud detection and anomaly monitoring mechanisms.

Incident Management and Response

Lead investigation, containment, and resolution of security incidents.
Conduct root cause analysis and implement corrective actions.
Maintain and execute incident response plans with proper escalation.

Vulnerability Management and System Security

Conduct vulnerability assessments and coordinate penetration testing.
Track remediation and ensure systems are hardened against risks.
Enforce security best practices across all platforms.

Access Control and Identity Management

Manage authentication systems including MFA and privileged access.
Enforce least-privilege principles and segregation of duties.
Conduct periodic access reviews and audits.

Data Protection and Encryption

Implement controls to protect sensitive financial and customer data.
Ensure encryption of data at rest and in transit.
Support data classification and secure handling practices.

Regulatory Compliance and Governance

Ensure compliance with applicable regulations, BOZ guidelines, and data protection laws.
Support adherence to standards such as PCI DSS and ISO 27001.
Prepare for and support audits (internal and external).

Third-Party and Vendor Risk Management

Conduct security assessments of vendors, partners, and APIs.
Monitor third-party compliance with security standards.
Mitigate risks associated with integrations and outsourced services.

Business Continuity and Disaster Recovery

Support development and testing of business continuity and disaster recovery plans.
Ensure high availability and resilience of critical systems.
Minimize downtime and support rapid recovery.

Risk Reporting and Documentation

Prepare regular cybersecurity and compliance reports.
Maintain accurate documentation of incidents, controls, and processes.

Awareness and Training

Drive cybersecurity awareness programs across the organization.
Educate staff on fraud risks, phishing, and secure data handling.

Requirements

Full Grade Twelve (12) Certificate or Equivalent.
Degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Professional certifications such as CISA, CISSP, CISM, or CompTIA Security+.
Minimum of five (5) years’ experience in Information Security, Risk Management, or IT within a regulated or fintech environment.
Strong knowledge of cybersecurity principles, fintech systems, and risk management.
Proficiency in security technologies (SIEM, firewalls, IDS/IPS, endpoint protection).
Understanding of payment systems, APIs, and transaction security.
Knowledge of regulatory frameworks and standards (PCI DSS, ISO 27001).
Strong analytical, investigative, and problem-solving skills.