Chief Information Security Officer (CISO) – Burkina Faso

About the role

The Chief Information Security Officer will own information security, data protection, cyber risk and regulatory compliance for the mobile installment business operating in Burkina Faso. You will work closely with the headquarters R&D team to ensure that all security controls meet local licensing and strict regulatory requirements.

Key responsibilities

• Interpret and apply Burkina Faso information security and data protection regulations (CIL, ARCEP, WAEMU/BCEAO) for the local operation.
• Develop, enforce and maintain local security policies, standards and procedures aligned with SDF licensing, CIL and ISO 27001.
• Prepare and submit compliance documentation, respond to regulator audits and ensure ongoing regulatory adherence.
• Coordinate with the headquarters R&D team to embed security controls in system design, review encryption schemes, network architectures and propose modifications.
• Oversee protection of customer PII and financial data, manage consent, access rights and cross‑border data transfer controls.
• Conduct regular cyber‑risk assessments, vulnerability scans and penetration tests on mobile apps, APIs and internal networks.
• Identify and mitigate risks such as fraud, account takeover, data leakage and ransomware.
• Support incident response processes and promote security awareness across the organization.

Required profile

• Deep knowledge of Burkina Faso’s information security, data protection and financial security regulations.
• Experience developing security policies and procedures that comply with ISO 27001 and local licensing requirements.
• Proven ability to work with remote R&D teams to integrate security controls into product development.
• Strong understanding of data protection, encryption, tokenization and secure disposal practices.
• Track record of conducting risk assessments, vulnerability management and incident response.

Required skills

• Encryption (data at rest and in transit)
• Tokenization
• Vulnerability scanning
• Penetration testing
• Security risk assessment
• ISO 27001 implementation
• Data protection compliance