Executive - Information Security

.

Job Purpose:

The role holder is responsible for supporting the project manager and manager in the execution of operations related to information security and risk management. The role holder ensures the operations executed by the departments adhere to the information security and risk management policies and procedures

.

Key Accountabilities:

Information Security

• Operate the IT Quality and Information Security systems and processes by ensuring compliance with policies and procedures & standards set within the organization.
• Provide support on information systems audit, risk assessment & inspection activities, ensuring that it is not vulnerable to malicious attacks both internal and external.
• Assist in the management of IT Governance system and activities, ensuring alignment of IT processes and performance indicators.
• Liaise with audit teams, both internal and external to support and ensure periodic audits are conducted, deviations are identified and necessary mitigation measures and recommended.
• Conduct risk assessments and highlight findings to the managers and respective teams to develop corrective actions, as necessary.
• Stay updated on information security threats existing within the market in order to help the team prepare necessary remedial measures to avoid disruption in operations.

.

Information Security Regulation (ISR)

• Plan, implement and maintain an information security program/ management system that is integrated with the whole entity’s processes.
• Coordinate with the senior management on the identification, development, secure handling and management of entity wide information assets.
• Plan, develop and maintain an organization wide information security risk assessment methodology in coordination with the higher management in the entity.
• Ensure that appropriate operational controls are selected and implemented according to the results of the risk assessment.
• Develop the required policies, and procedures, based on results of the risk assessment.
• Assist and support senior management with their information security responsibilities.
• Ensure organization wide compliance to the information security program/management system and report ISR implementation status to the information security steering committee.
• Plan and conduct periodic information security awarness,education and training for entity's staff and applicable external parties.

.

Policies, Systems, Processes & Procedures

• Contribute to the identification of opportunities for the continuous improvement of departmental systems, policies, processes, and practices considering ‘international leading practices’ to improve productivity and operational efficiency.
• Provide critical input to support the development of department’s systems, policies, processes, and procedures to meet business requirements.
• Ensure team members comply with all department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.

Quality, Health, Security, Safety and Environment

• Ensure compliance with regulatory requirements and relevant quality, health, safety, security and environmental procedures and controls across the department to guarantee employee safety and delivery of high-quality services.

Reporting

• Prepare relative reports in a timely and accurate manner to meet the departmental requirements, policies, and standards.

Others

• Other relevant tasks of the job purpose when, and if required

.

Qualifications & Experience:

Minimum Qualification

• Bachelor’s Degree in Computer Science or Information Technology or a relevant field

Minimum Experience and Skills

• 1-2 years of experience in IT with Quality assurance /Process improvement capacity
• Hands on expertise in IT process automation; with KPI- SLA - Configuration- Change Management- helpdesk   exposure.
• Capability to work independently to develop / administer technical systems and solutions for process automation / information security control establishment.
• Familiarity /Exposure with Quality-Information security audits and compliance implementation
• Knowledge and understanding of activities/process/procedures of all verticals of IT units such as HW & Infrastructure, SW development and operations.
• ITIL ,COBIT/CEH,CISA standards Certification

.

Competencies