Information Security Analyst

App developers, stores, and payment providers cross the threshold into the Bango ecosystem to converge, grow and thrive. By bringing businesses together and powering e-commerce with unique data-driven insights, Bango delivers new business opportunities and new dimensions of growth for customers around the world. Being inside the Bango circle means global merchants, including Amazon, Google, and Microsoft, can work together with payment partners from Africa to the Americas, accelerating the performance of everyone on the inside. 

Role

At Bango, as the Information Security Analyst (ISA) you will report to the Vice President, Managed Services and Support (VP, MS&S) and will be responsible for the day-to-day management and continual improvement of Bango’s information security, risk management, and business continuity practices. You will ensure Bango maintains compliance with ISO 27001 (Information Security Management) and ISO 22301 (Business Continuity Management), while designing, operating, and embedding controls that strengthen the organisation’s security, resilience, and risk posture. This role combines hands-on information security delivery with ownership of enterprise risk and continuity processes and tooling.

Responsibilities

Information Security and Compliance

• Support the implementation, operation, and continual improvement of Bango’s Information Security Management System (ISMS) in line with ISO 27001.
• Assist in the design, deployment, and management of security controls aligned to Bango’s information security strategy.
• Support internal and external audits, including evidence collection, remediation tracking, and audit readiness activities.
• Contribute to the development and maintenance of information security policies, procedures, standards, and guidelines.

Risk Management and RiskSmart Ownership

• Own the day-to-day operation of the RiskSmart risk management platform.
• Maintain accurate and up-to-date risk registers covering information security, operational, and resilience-related risks.
• Support functional risk owners in completing risk assessments, reviews, and mitigation plans.
• Track risk treatment actions and ensure overdue or ineffective controls are identified and escalated appropriately.
• Produce regular risk metrics and reports to support management reviews, ISO compliance activities, and audit requirements.

Business Continuity and Resilience

• Support and maintain Bango’s Business Continuity Management System (BCMS) in line with ISO 22301.
• Coordinate Business Impact Analyses (BIAs) and ensure continuity plans are documented, reviewed, and kept current.
• Support the planning and execution of continuity exercises (e.g. tabletop exercises, simulations, or recovery tests).
• Ensure incidents and disruptions are accurately recorded and linked to relevant risks and continuity improvements.

Security Monitoring, Vulnerability and Incident Management

• Monitor security tooling (e.g. SIEM, IDS/IPS, vulnerability scanners) and assist in identifying and responding to security events.
• Support vulnerability management activities, including vulnerability scanning, prioritisation, tracking, and remediation follow-up.
• Participate in security incident response activities, including investigation, log analysis, root cause analysis, and post-incident reviews.

Awareness, Training and Engagement

• Contribute to the development and delivery of security, risk, and continuity awareness and training programmes.
• Act as a trusted advisor to teams on information security, risk management, and resilience-related topics.

Essentials

• Demonstrable experience in an information security, risk, or governance role.
• Familiarity with common security tooling and technologies (e.g. SIEMs, vulnerability scanners, IDS/IPS).
• Experience supporting ISO 27001 and/or ISO 22301 compliance activities, including audits.
• Experience using risk management or GRC platforms (e.g. RiskSmart or equivalent), including maintaining risk registers and tracking mitigation actions.
• Knowledge of common corporate technologies (e.g. M365, Azure AD) and networking fundamentals.
• Understanding of relevant legislation and standards (e.g. GDPR, ISO 27001, risk management principles).
• Strong written and verbal communication skills, including the ability to produce clear documentation and reports.
• Calm, methodical approach with the ability to manage incidents and competing priorities effectively.
• Demonstrable enthusiasm for information security and continuous learning.

Desirables

• Strong knowledge of security, risk, and control frameworks such as ISO 27001, ISO 22301, NIST, PCI DSS, COBIT, or ITIL.
• Experience supporting business continuity exercises and resilience testing.
• Familiarity with third-party risk management or supplier assurance processes.
• Cloud computing concepts and service models (e.g. IaaS, SaaS).
• Knowledge of Windows and Linux operating systems.
• Relevant certifications or qualifications (e.g. CISSP, CRISC, MBCI, or equivalent).

Benefits

• A friendly, informal working environment
• Your own Bango buddy – to help you settle in
• Bendi-time (flexible working hours)
• Bango social events
• Choose your own headphones, keyboard & mouse
• Generous share option scheme
• Private Medical Insurance
• Health Cash Plan
• 25 days holiday a year increasing to 28 days with 4 years’ service
• Cycle to work, gym discount
• Weekly Pilates & Yoga classes (virtual)
• Financial support for employee activity groups and charitable activities
• Free fruit, drinks and snacks, limitless tea, coffee and good quality espressos
• Company branded hoodie… to keep you happy and comfortable
• Group personal pension scheme
• Life assurance
• Employee Assistance Program
• 1Password
• Income Protection
• Bango branded Chilly’s bottle and coffee cup

Please read our Privacy Policy below before proceeding to Application

Privacy Policy.pdf