Security Program Officer at a Top Company

Report to Head Information Security Management Unit 

QUALIFICATION: A first degree in Computer Science, Information Technology, and related disciplines (Computer Engineering, Computer with Economics/ Mathematics, Management Information Systems, and Electrical/Electronic Engineering) is required  

A post graduate degree in any related field is an added advantage 
 

PROFESSIONAL MEMBERSHIP: Membership of any of the following professional bodies is an added advantage: NCS, CPN, NIM, PMI or ISACA  

PROFESSIONAL CERTIFICATIONS: Possession of any of the following certifications is required: ITIL Manager, CISSP - Certified Information Systems Security Professional; SSCP - Systems Security Certified Practitioner, CIPP - Certified Information Privacy Professional, CISM - Certified Information Security Manager, CRISC - Certified in Risk and Information Systems Control, Certified Security Analyst & Licensed Penetration Tester 

EXPERIENCE LEVEL: Management- Minimum of 12 years working experience in IT, of which at least 4 years should be at managerial level. experience in IT security management is required

In-depth knowledge of established computer-industry security procedures for multiple computer platforms  

Knowledge of the enterprise application systems, database tools, etc. 

PRIMARY RESPONSIBILITIES: 

Security Program Quality Assurance  

• Work towards achieving ISO 27001 certification standards.   

• Plan, organize and supervise (ISO27001) internal audits.   

• Provide input into the development of the Business Continuity Plan, IT Disaster Recovery Plan and associated testing and maintenance.   

• Serve as an internal information security consultant to the organization.   

• Keep abreast of latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities.   

• Develop and implement an ongoing security risk assessment program targeting information security and privacy matters.   

• Conduct compliance & security risk assessments, gap analysis.   

• Select controls and security risk mitigation.   

• Monitor ongoing compliance with security standards.   

• Establish and maintain contacts with external security resources.   

• Assists in developing and implementing security training and awareness programs to educate NIRSAL MFB staff about the Bank’s information security solutions and their requirements.  

Security Assessment  

• Serve as an internal information security consultant to the organization.   

• Conduct compliance and security risk assessment, gap analysis.  

• Keep abreast of latest security consultants to the organization.  

• Keeps abreast with latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities.  

• Develop and implement on-going security risk assessment program targeting information security and privacy matters.  

• Conduct compliance and security risk assessment, gap analysis.  

• Select controls and security risk mitigation.   

• Monitor on-going compliance with security standards.  

• Establish and maintain contacts with external security resources.  

• Assists to develop and implement security training and awareness program to educate NIRSAL MFB staff about the Bank’s information security solutions and their requirements.  

Security Management and Awareness  

• Monitors ongoing compliance with security standards.  

• Establishes and maintain contacts with external security resources.  

• Provides input into the development of the Business Continuity Plan, IT Disaster Recovery Plan and associated testing and maintenance.  

Security awareness  

• Serves as an internal information security consultant to the organization.  

• Coordinates the development and implementation of security training and awareness program to educate NIRSAL MFB staff about the Bank’s information security solutions and their requirements.

 PEROSONALITY: energetic, driven, adaptable, able to work with no supervision, team spirit, proven leadership and problem-solving skills, willingness to relocate.