Job Title: Senior IT Security Officer
Reports To: Manager ICT Security
The jobholder will be responsible for the development, implementation and maintenance of standards and systems that ensure secure information systems and data. Implement standards and audit procedures to identify and resolve security violations. Conduct disaster recovery and cyberattack preparations and training.
Key Duties And Responsibilities
Strategic Support and Management
• Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
• Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
• Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program.
• Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
• Participate in security incident and event management to protect corporate IT assets, including intellectual property, regulated data, and the company’s reputation.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event.
• Provide direction, support, and in-house consulting in these areas.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including, but not limited to, privacy, risk management, compliance, and business continuity management.
Security Liaison
• Liaise among the information security team and corporate compliance, audit, IT, legal and HR management teams as required.
• Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
Architecture/Engineering Support
• Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and supervisory expertise for the administration of security tools.
• Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
• Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Operational Support
• Coordinate, measure and report on the technical aspects of security management.
• Supervise and coordinate operational components of incident management, including detection, response, and reporting.
• Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
• Supervise the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
• Design, coordinate and oversee security-testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
Education, Experience, Skills:
• A bachelor’s degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is an added advantage.
• At least one of the following certifications: CISM, CISSP, CRISC, and CASP+, or other certifications at the discretion of the direct line manager.
• A minimum of seven (7) years of Information Technology experience, with three (3) years in an information security role and at least one (1) year in a supervisory capacity.
• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
• The ability to interact with company personnel, build strong relationships at all levels and across all business units and organizations.
• Knowledge and understanding of relevant legal and regulatory requirements, such as the National Cybersecurity Strategy for Uganda, the Data Protection and Privacy Act, 2019, and the Computer Misuse Act 2022.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Project management skills: financial/budget management, scheduling and resource management.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Experience in system technology security testing (vulnerability scanning and penetration testing).
• Familiarity with application technology security testing (white box, black box, and code review).
Work Hours: 8
Experience in Months: 84
Level of Education: Bachelor Degree
Job application procedure
The Following Documents Should Accompany The Application Strictly Online
• Detailed CV.
• Copies of academic documents.
• Applicant's address and daytime telephone contacts.
• Postal/email address and daytime telephone contact of three referees of good standing in society, one of whom should be your current supervisor.
Mode of application
Please send your application to [email protected] and put the job you are applying for as the subject (strictly). Applications must reach the address above by Wednesday 12th April 2023. Take note that only shortlisted candidates will be contacted.
N.B. Applicants should be willing to work in any place where PostBank branches are located.