The Lesotho PostBank (LPB), your only Basotho Bank, invites suitably qualified candidates to apply for the following vacant position:
Job Title: Information Security Officer (Paterson Grade C2)
Reports to: Head of IT
Department: Information Technology
Location: Maseru
JOB PURPOSE
The Information Security Officer safeguards the Bank’s information assets by implementing and monitoring security measures that prevent unauthorised access, modification, and data loss. Reporting to the Head of IT, the role ensures security is integrated into all systems, applications, infrastructure and communication channels. The position works closely with management, IT teams, developers, vendors and auditors to identify risks, define controls and ensure secure operations across the Bank’s technology environment.
KEY DUTIES AND RESPONSIBILITIES
IT Governance & Policy
- Implements and monitors adoption of the Bank’s Information Security Policies and IT governance frameworks.
- Conducts regular reviews of IT General Controls (ITGC) and application controls.
- Participates in IT information security self-assessment, risk analysis and risk rating; provides control recommendations using the Enterprise Risk Management (ERM) framework.
- Liaises with Compliance, Internal Audit, and External Audit teams on information security matters and audits; tracks remediation actions to closure.
Information Risk Management & Reporting
- Performs information security risk assessments and guides business units on appropriate risk controls and practices.
- Provides a holistic view of information security risks (personnel, processes, technology, and external events) affecting the Bank’s information assets.
- Compiles monthly information security risk reports for management and provides regular updates to the line manager on assignments and incidents.
Access Control & Monitoring
- Determines, reviews and audits users’ access rights (including privileged users such as administrators and power users) in line with least privilege and segregation of duties.
- Protects, retains, and analyses access logs and audit trails to detect unauthorised access and vulnerabilities.
- Recommends corrective actions and follows up on remediation.
Security Requirements & Systems Management
- Performs information security requirements analysis and specification for all IT systems acquisition, development, and maintenance.
- Manages periodic maintenance and updates of information security systems and tools (firewalls, endpoint protection/antivirus, IDS/IPS, email security, web gateways).
- Ensures timely updates, patching and threat intelligence review to identify and avert new threats.
Cryptography & Data Protection
- Designs and guides the implementation of cryptographic controls and key management procedures.
- Develops and enforces policies governing public access to the Bank’s information assets and data classification/handling.
Awareness and Training
- Conducts information security awareness training for staff and management.
- Participates in external security forums and awareness groups to keep abreast of best practice.
- Liaises with vendors/suppliers to ensure adherence to the Bank’s information security requirements through contracts, SLAs and due diligence.
Collaboration & Performance
- Actively participates in regular meetings with IT and Risk on common issues and challenges.
- Participates in one-on-one performance discussions with the line manager; maintains a personal development plan.
QUALIFICATIONS AND EXPERIENCE
- Bachelor’s degree in Information Security, Computer Science, Information Systems, Cybersecurity, IT or a related field.
- MS Information Security Administrator Associate, CompTIA Security+, CompTIA Cybersecurity Analyst+, ISO/IEC 27001 Lead Implementer.
- 3–5 years’ experience in Information Security, IT Risk, or IT Governance within a financial services environment.
- Hands-on experience with firewalls, endpoint protection, SIEM/log management, IAM/Active Directory, vulnerability management, and incident response.
SKILLS & COMPETENCIES
Technical Competencies
- International Standards: Applies international standards on IT governance, risk management and information security management, such as ISO 27000 series and COBIT 2019.
- Technical hands-on experience in implementing information security protection using secure communication protocols such as HTTPS, SFTP, Secure DNS, etc.
Behavioral Competencies
- Persuasion and assertiveness
- High integrity, confidentiality, and ethical conduct.
- Strong analytical and problem-solving skills and attention to detail.
- Clear communication and report writing for technical and non-technical audiences.
- Stakeholder and vendor management; ability to influence and train.
- Resilience under pressure and during incidents; proactive and adaptable.
How to Apply
- Applications and CVs (including names of three referees) accompanied by certified copies of relevant certificates should be emailed to recruitment@lpb.co.ls
- The closing date for submission of applications is 08th April 2026
- Disclaimer: ONLY Shortlisted candidates will be contacted.