Information Security Operations Analyst at Baobabplus

We are a social business committed to energy access and digital access in Africa. We make accessible to all innovative products that meet the needs of local populations to change their life. Baobab+ is available in Senegal, Mali, Madagascar and Ivory Coast. Baobab+ is part of Baobab Group, a digital finance group specializing in financial inclusion in 9 countries in Africa and China.

Position Overview

• The Information Security Operation Analyst will ensure secure user access across all systems and continuously monitor security events to detect threats.
• This role will handle user provisioning, privilege control, access reviews, and SIEM alert investigation, while supporting incident response, vulnerability management, and compliance activities to strengthen the organization’s overall security posture.

Key Responsibilities
Identity & Access Management:

• Manage user access provisioning, modification, and de-provisioning across enterprise systems and applications.
• Conduct periodic reviews and validations of user access rights (monthly, quarterly).
• Enforce the principles of least privilege and segregation of duties (SoD).
• Monitor privileged accounts and support the implementation of PAM controls.
• Collaborate with HR and IT to ensure timely and accurate onboarding/offboarding.
• Support access certification campaigns and provide documentation for audits.
• Maintain and continuously enhance access management procedures and workflows.

SIEM Monitoring & Incident Response:

• Monitor security events, alerts, and logs using the SIEM platform (e.g., Splunk, Datadog).
• Analyze alerts to distinguish between false positives and actual security incidents.
• Escalate confirmed incidents to the Information Security Manager or SOC team.
• Perform first-level incident triage, including root-cause indicators and initial response actions.
• Document security incidents and contribute to post-incident analysis and reporting.
• Assist in developing SIEM use cases, correlation rules, dashboards, and alert logic to enhance detection capabilities.

Vulnerability & Compliance Support:

• Assist with scheduled vulnerability scans and track remediation progress.
• Support compliance activities related to ISO 27001, PCI DSS, and internal security audits.
• Prepare and deliver routine security performance reports for management review.
• Policies, Procedures & Continuous Improvement
• Support the enhancement and enforcement of access control and security monitoring policies.
• Identify operational gaps and recommend improvements across processes.
• Participate in organization-wide security awareness and training initiatives.

Compliance and Risk Management:

• Assist in risk assessments to identify vulnerabilities and recommend mitigation measures.
• Ensure compliance with internal and external regulations, including data protection laws.
• Prepare reports on compliance status and risk management activities for management.

Endpoint Protection and Asset Management:

• Deploy and manage endpoint protection tools, ensuring all devices are compliant with security policies.
• Maintaining an accurate inventory of IT assets in security terms refers to establishing and continuously updating a detailed record of all IT assets, including hardware, software, virtual assets, and cloud resources, to support effective security management.

Project Support:

• Collaborate with other Information Security Staff to deliver security-related projects on time and within budget.

Reporting:

• Provide weekly updates on IT security and improvement plans.
• Generate compliance and incident response reports as requested by management.
• Track and report on staff adherence to IT security practices and training.

Required Qualifications
Education:

• BSc or HND in Computer Science, Information Technology, Engineering, or related disciplines.

Experience:

• 2–4 years of experience in Information security, access management, or SOC operations.
• Exposure to IT compliance audits and risk assessments.
• Hands-on experience securing cloud environments such as AWS, Azure, or Google Cloud is an advantage.
• Hands-on experience with SIEM platforms and log monitoring.
• Understanding of IAM concepts such as SoD, RBAC, and least privilege.
• Basic knowledge of security frameworks (ISO 27001, PCI-DSS, CBN Cybersecurity Framework).
• Strong analytical skills, with excellent documentation and communication abilities.
• Certification in at least two of the following is a strong advantage:
• ISO 27001 (Lead Implementer or Auditor)
• CompTIA Security+
• ITIL V4
• PCI-DSS
• AWS Security Specialty
• Cloud Security Manager

Skills and Competencies:

• Knowledge of IT security best practices and frameworks such as PCI-DSS and ISO standards.
• Proficiency in creating professional presentations (PowerPoint, Google Slides).
• Strong communication and collaboration skills.
• Ability to work under pressure and manage multiple tasks.
• Fluency in English (written and spoken).
• High level of integrity and self-motivation.

Employment Terms:

• Contract Type: Local contract with Baobab Microfinance Bank (MFB).

Method of Application

Signup to view application details. Signup Now