Reporting to the ICT & Digital Strategy Executive, the successful candidate will be responsible for ICT Security, Information Assurance, Business Continuity and Critical Incident Management.

Key Outputs
• Develops and maintains information security strategies, defining information security requirements and undertaking risk assessments in order to protect the integrity, confidentiality, and availability of information that is in the custody of or processed by NSSA.
• Develops, maintains and publishes all corporate-level information security standards, procedures, and guidelines, including compliance-monitoring procedures, and assists in resolving security policy issues and in implementing security procedures.
• Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.
• Enforces security policies and procedures by administering and monitoring information security profiles, reviewing information security violation reports and investigating possible security exceptions; updates, maintains and documents information security controls. Initiates, facilitates, and promotes activities to foster information security awareness within the organisation.
• In consultation with the line of business, manages, reviews and tests ICT business continuity and disaster recovery plans, processes and procedures necessary to recover services in the event of a declared disaster.
• Periodically reviews and validates user access rights and privileges by conducting the necessary due diligence and auditing related activities.
• Enforces required information security measures and principles in all ICT programmes.
• Ensures that all ICT Security associated processes remain ISO 27001 compliant.
• Leads the review and technical assurance of information security plans and plays an important ICT governance role within the organisation.
• Advises the ICT & Digital Strategy Executive on all information security and assurance matters.

Qualifying Requirements
• BSc Degree - Computer Science or Information Systems or Information Technology.
• Accredited certifications in CEH or CISSP or ISO 27001 or Security plus.
• 8 plus years of experience in a combination of risk management, information security and ICT jobs.

Key Competencies and Characteristics
• Strong knowledge of common information security management frameworks.
• Strong knowledge of relevant legal and regulatory requirements/standards.
• Experience in designing and managing new and existing security systems.
• Experience managing multiple, simultaneous, and high-profile information security initiatives and responses.
• Proven track record and experience in developing information security programmes, policies and procedures, including successful implementations in large enterprise environments.
• Excellent analytic skills.
• Excellent attention to detail.
• Excellent listening, communication, interpersonal and presentation skills.

Interested candidates are invited to email their applications (including CVs) to firstname.lastname@example.org stating the job they are applying for by close of business on Friday, 25 October 2019. Applications should quote the job title and where applicable the Region where the vacancy is located. Only shortlisted candidates will be contacted. Applications received after the closing date will not be considered.