Head, Information Security Management Unit at a Top Company

Report to Head Information Technology Department

QUALIFICATION: A first degree in Computer Science, Information Technology, and related disciplines (Computer Engineering, Computer with Economics/ Mathematics, Management Information Systems, and Electrical/Electronic Engineering and any other Engineering Courses is required. A post graduate degree in any related discipline is required. 

PROFESSIONAL MEMBERSHIP: Any of NCS, CPN, NIM, PMI or ISACA preferred.

PROFESSIONAL CERTIFICATIONS: Any of ITIL Manager; CISSP - Certified Information Systems Security Professional, SSCP – Systems Security Certified Practitioner, CIPP - Certified Information Privacy Professional, CISM - Certified Information Security Manager, CRISC - Certified in Risk and Information Systems Control, Certified Security Analyst & Licensed Penetration Tester 

EXPERIENCE LEVEL: Management- Minimum of 15 years working experience in IT, of which at least 7 years should be at management level.  Experience in IT security management is required.

• Good knowledge and familiarity with leading practices in security standards/frameworks  

• Good knowledge of security issues relating to key platforms.  

• In-depth knowledge of Threat and Vulnerability Management, Penetration Testing, antivirus solutions and end point protection  

• Understanding of operating systems  

• Adequate knowledge of integrated business applications software such as Enterprise-wide applications  

• Adequate knowledge of information and knowledge management  

• Adequate knowledge of Contract management, Budget, and cost management and Quality control

PRIMARY RESPONSIBILITIES: 

Implementation of Unit's mandate   

• Ensures the implementation of the Unit’s work plan.  

• Ensures timely rendition of Unit’s deliverables. 

• Manages the Unit performance.  

Implementation of policy and standards  

• Defines and implements the policies and standards for a secure IT environment in accordance with the NIRSAL MFB’s Corporate Security strategy and international standards (ISMS, International Security Management System Framework e.g., ISO/IEC 27001, 27002)  

• Defines and implements the security reporting infrastructure.  

• Enforces compliance with auditing of security policies and procedures.  

• Plans and budgets for the implementation of security policies and procedures.  

• Assists in driving architectural improvements and standardization for the IT Security environments, including the definition of security policies & standards, security infrastructure & systems (e.g., firewalls, intrusion detection/prevention systems etc.)  

IT security management  

• Provides the technical support and knowledge to include the security components in the Enterprise Architecture.   

• Identifies protection goals, objectives, and metrics consistent with corporate strategic plan.  

• Works with other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.  

• Oversees security incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches, as necessary.  

• Oversees activity of external consultants as appropriate for independent security / vulnerability testing.  

• Manages the review of security SLA with users and vendors.  

• Oversees vendors who assist to safeguard the Bank’s assets, intellectual property, and computer systems.  

Leadership and management   

• Provides leadership and direction for the Unit.  

• Provides oversight and management for Unit’s budget and general administration. 

• Provides mentoring and coaching for the staff of the Unit.  

PERSONALITY: energetic, driven, adaptable, able to work with no supervision, team spirit, proven leadership and problem-solving skills, willingness to relocate.