- Leading the development, adoption and enforcement of Information Security policies, procedures and standards.
- Define, create and maintain the documentation for certification and accreditation of each information system
- Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.
- Assign security responsibilities, control access to media and the controls in place against unauthorized access to workstations and related equipment.
- Technical Security: Set the access and authorization controls for everyday operations as well as emergency procedures for data.
- Transmission security: Set the standards for access controls, audit trails, event reporting, encryption and integrity controls.
- Maintaining the Security Procedures that include: i) Evaluation and compliance with security measures. ii) Disaster Recovery and Emergency operating procedures. iii) Security Incident Response and process protocols including Incident Reporting and Sanctions. iv) Testing of security procedures, mechanisms and measures.
- Maintaining appropriate security measures and mechanisms to guard against unauthorized access
- Review systems in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades.
- Oversee and/or assist in performing on-going security monitoring of organization information systems
- Assess information security risk periodically
- Ensure compliance through periodic security audits. These audits should be both internal and external in nature.
- Establishing that new systems meet the minimum mandatory risk-based technical, operational, and management information security control requirements.
- Ensure compliance through adequate training programs
- Degree in Computer Science, Engineering and Information Systems
- 9 years & above of relevant experience
- In-depth knowledge and experience in information security risk assessment and management
- Experience in working and liaising with auditors to review and assess the control framework
- Good understanding of key security technologies such as identity access management solutions, two-factor authentication, enterprise certificate authority, etc.
- Passion to deliver sustainable security solutions and continued improvement in control and risk mitigation
- Security certification in CISSP, CISM or CISA
Shortlisted candidates will be offered either Permanent or Direct Contract employment.