Information security specialist Job at National Social Security Fund

JOB TITLE: INFORMATION SECURITY SPECIALIST (1 Position)

REPORTS TO: INFORMATION SECURITY MANAGER

DEPARTMENT: ENTERPRISE RISK

JOB GRADE: D1

Job Purpose:

To identify, assess, and make recommendations to manage and mitigate the organization’s Information Security risks.

Duties and Responsibilities include:

• Implement information security and privacy policies, standards and procedures to protect the Fund from internal and external threats
• Review and assess information security risks within new and existing systems, processes, policies and procedures and recommend relevant controls.
• Conduct continuous vulnerability assessments and regular penetration tests on the Fund’s systems.
• Create a culture of security awareness by undertaking sensitization/training of staff on information security and privacy risks and control.
• Work with all critical process and system owners to ensure security and data privacy controls are considered at the outset of new projects, products and initiatives.
• Administer information security monitoring systems for incident detection, response, risk mitigation and threat management.
• Implement identity management and access control strategies, policies, procedures, standards, and guidelines.
• Create, revoke and manage identities/access for personnel, service accounts, applications, devices etc.
• Control and monitor access to the Fund’s information assets to identify unauthorized access and potentially malicious activities.
• Conduct regular user access reviews in collaboration with system, process and data owners. Conduct periodic audit log reviews and report any unusual or suspicious activities.
• Work with system and process owners to develop, implement and maintain access control lists and matrices.
• Configure, implement, and manage identity management and access control technologies and tools.
• Establish, administer, and monitor privileged user accounts in accordance with a role-based access scheme.
• Support the Data Protection Officer in conducting data privacy impact assessments.
• Ensure that the IT infrastructure and systems are configured with appropriate technical controls to safeguard them against malicious attacks.
• Monitor compliance with information security policies, guidelines and standards and applicable laws and regulations.

Education Requirements:

• A Bachelor’s degree in Information Systems, Information Technology, Computer Science, Software Engineering or a related field.
• Professional qualifications CEH, CISA or related certifications

Work Experience:

• Minimum of 3 years experience in conducting IT risk or information security responsibilities in a substantial organization.
• Experience in administering information security tools, identity management and access control systems is an added advantage.

Key Competences:

• Strong understanding of information security risk, controls and principles
• Sound knowledge of information security technologies e.g., WAF, NAC, SIEM, DLP, IAM, EDR
• Understanding of Cloud technologies and the associated risks
• Knowledge of networking protocols
• Strong analytical, decision-making and problem-solving skills
• Ability to explain complex security issues to non-technical stakeholders
• Positive attitude towards learning and development
• Ability to work with critical deadlines and prioritize workload effectively.
• Knowledge of the Data Protection and Privacy Act and applicable regulations, National Information Security Framework, ISO 27001, NIST standards etc.

Interested individuals should click https://forms.office.com/r/2BSYCnVxas to fill out the application form and also send copies of their application letter, curriculum vitae and academic qualifications, addressed to the Chief of People and Culture to recruitment@nssfug.org by Wednesday 14th December 2022.

Women are encouraged to apply. Please note that canvassing or lobbying will lead to the automatic disqualification of the candidate.