Information and Cyber Security Officer

Position title: Information and Cyber Security Officer

Number of positions: One (1)

Date: 30^th June 2025

Work base: Head Office

Reporting to: Head of IT

Expected starting date: Any time

Employment Contract type: Open-ended contract.

About the ASA International (Rwanda) Plc:

ASA International (Rwanda) Plc (subsequently referred to as “ASA Rwanda”) is a for-profit, deposit taking Microfinance Institution licensed by National Bank of Rwanda and incorporated under The Companies Act, No.103495622 in Rwanda in 2014 and started operations in 2016, currently serving small business through Loans and savings in 37 branches across the country. ASA Rwanda is a subsidiary of ASA International listed on London Stock Exchange, one of the world’s largest international Microfinance institutions in the world operating in 13 countries in Africa and Asia.

As a financial company and ASA international (Rwanda) plc is mostly engaged to work for the low-income people of the country and as long as there is a possibility of financial irregularities in the activities, the company created a department/position to work to prevent any sorts of misappropriation.

Vision: Reduce poverty by improving the lives of the underprivileged with a key focus on female entrepreneurs.

Mission: We have a strong commitment to financial inclusion and socioeconomic progress.

Objective: Providing Microfinance loans for business purpose to low-income entrepreneurs with an objective of improving financial inclusion and realize socioeconomic progress. Our loans provide an alternative to low-income entrepreneurs without access to credit from traditional banks. We provide these loans using the ASA Model.

Function summary

As the Information and Cyber Security officer, your primary responsibility will be to ensure the confidentiality, integrity, and availability of the organization’s information assets and information systems. You will develop, implement, and maintain security policies, procedures, and practices to protect the organization from internal and external security threats. Additionally, you will provide guidance and support to staff members on information security best practices.

Duties and Responsibilities

Develop and implement information security policies and procedures:

• Create and maintain comprehensive security policies, standards, and guidelines that align with industry best practices and regulatory requirements.
• Establish procedures for the secure operation and use of the organization’s information systems.

Conduct risk assessments and vulnerability assessments:

• Identify and assess potential security risks and vulnerabilities within the organization’s infrastructure, applications, and systems.
• Perform regular security audits and penetration testing to proactively identify weaknesses and recommend remediation measures.

Implement and manage security controls:

• Deploy and maintain security technologies, such as firewalls, intrusion detection/prevention systems, antivirus software, and encryption mechanisms.
• Align and connect to the Groups SOC (Security Operations Center) team and tooling to ensure the ASA Rwanda systems are continuously monitored on vulnerabilities and security related incidents
• Monitor and respond to security incidents, including conducting investigations and implementing incident response procedures.

Provide security awareness and training:

• Develop and deliver training programs to educate employees on information security best practices, policies, and procedures.
• Promote a culture of security awareness and compliance within the organization.

Manage third-party relationships:

• Evaluate the security posture of third-party vendors and service providers.
• Ensure that appropriate security controls are in place and contracts include relevant security clauses.

Stay up-to-date with security trends and threats:

• Continuously monitor industry trends, emerging technologies, and new threats to ensure the organization’s security controls remain effective.
• Maintain knowledge of relevant laws, regulations, and compliance requirements.

Response and recovery:

• Develop and maintain an incident response plan to handle security incidents effectively.
• Coordinate with relevant stakeholders to contain, investigate, and recover from security incidents.

Education

Bachelor’s degree in Computer Science, Information Technology, or a related field.

Requirements – Skills, Knowledge, Abilities – for Information and Cyber Security Officer

• Being Rwandan by nationality;
• Professional certifications in information security, such as CISSP, CISM, or CISA, are highly desirable.
• Over 3-4 years proven experience in information security roles, preferably in financial services or microfinance organizations.
• Strong understanding of information security principles, standards, and best practices.
• Familiarity with regulatory requirements related to data protection, privacy, and financial services.
• Knowledge of network and systems administration, including firewalls, intrusion detection systems, and vulnerability scanning tools.
• Experience in developing and implementing security policies, procedures, and standards.
• Ability to conduct risk assessments, vulnerability assessments, and security audits.
• Excellent communication and interpersonal skills to effectively train and educate staff members on security best practices.
• Strong problem-solving and analytical skills to identify and address security issues.
• Knowledge of Rwandan microfinance sector is a plus.

Salary & Benefits:

• Market conforms salary and employment conditions.
• In-house Medical Insurance covering him/her and legal dependents as company policy
• Communication allowances as per company policy
• Monitoring allowance as per company policy
• Salary Increment as per company policy depending on company profit
• Festival Allowance as per company policy

Application process

Cover Letter included the candidate’s expected salary; Detailed CV; copy of Degree; copy of Professional certifications (CISSP, CISM, or CISA) if available, Work certificates from previous employers if any; any other document that may prove a candidate’s competency to the post; Copy of ID Card.

Applications should be addressed to the Chief Executive Officer of ASA International (RWANDA) Plc located in KIGALI City, GASABO District, Plot No. – 95, NTORA Village, KG 784 St. RUHANGO Cell, Gisozi Sector, Kigali, Rwanda

Online Application to be sent to asarecruitment@asarwanda.rw  with subject line mentioning Information and Cyber Security Officer. Submission of Application should be before 10^th July 2025 at 5:00 PM. Please note that only candidates with the needed qualifications and relevant experience will be shortlisted. If you do not hear from us in 2 weeks after the deadline, know that you are not meeting our requirements.

ASA International aims to attract and select a diverse workforce, ensuring equal opportunity to everyone, irrespective of race, age, gender, class, ethnicity, disability, location, and religion. Qualified women are particularly encouraged to apply.

Done at Kigali on 30^th June 2025

Signed and approved by:

Christian SALIFOU

Chief Executive Officer

ASA International (Rwanda) Plc