JOB TITLE: INFORMATION SECURITY SPECIALIST (1 Position)
REPORTS TO: INFORMATION SECURITY MANAGER
DEPARTMENT: ENTERPRISE RISK
JOB GRADE: D1
To identify, assess, and make recommendations to manage and mitigate the organization’s Information Security risks.
Duties and Responsibilities include:
- Implement information security and privacy policies, standards and procedures to protect the Fund from internal and external threats
- Review and assess information security risks within new and existing systems, processes, policies and procedures and recommend relevant controls.
- Conduct continuous vulnerability assessments and regular penetration tests on the Fund’s systems.
- Create a culture of security awareness by undertaking sensitization/training of staff on information security and privacy risks and control.
- Work with all critical process and system owners to ensure security and data privacy controls are considered at the outset of new projects, products and initiatives.
- Administer information security monitoring systems for incident detection, response, risk mitigation and threat management.
- Implement identity management and access control strategies, policies, procedures, standards, and guidelines.
- Create, revoke and manage identities/access for personnel, service accounts, applications, devices etc.
- Control and monitor access to the Fund’s information assets to identify unauthorized access and potentially malicious activities.
- Conduct regular user access reviews in collaboration with system, process and data owners. Conduct periodic audit log reviews and report any unusual or suspicious activities.
- Work with system and process owners to develop, implement and maintain access control lists and matrices.
- Configure, implement, and manage identity management and access control technologies and tools.
- Establish, administer, and monitor privileged user accounts in accordance with a role-based access scheme.
- Support the Data Protection Officer in conducting data privacy impact assessments.
- Ensure that the IT infrastructure and systems are configured with appropriate technical controls to safeguard them against malicious attacks.
- Monitor compliance with information security policies, guidelines and standards and applicable laws and regulations.
- A Bachelor’s degree in Information Systems, Information Technology, Computer Science, Software Engineering or a related field.
- Professional qualifications CEH, CISA or related certifications
- Minimum of 3 years experience in conducting IT risk or information security responsibilities in a substantial organization.
- Experience in administering information security tools, identity management and access control systems is an added advantage.
- Strong understanding of information security risk, controls and principles
- Sound knowledge of information security technologies e.g., WAF, NAC, SIEM, DLP, IAM, EDR
- Understanding of Cloud technologies and the associated risks
- Knowledge of networking protocols
- Strong analytical, decision-making and problem-solving skills
- Ability to explain complex security issues to non-technical stakeholders
- Positive attitude towards learning and development
- Ability to work with critical deadlines and prioritize workload effectively.
- Knowledge of the Data Protection and Privacy Act and applicable regulations, National Information Security Framework, ISO 27001, NIST standards etc.
Interested individuals should click https://forms.office.com/r/2BSYCnVxas to fill out the application form and also send copies of their application letter, curriculum vitae and academic qualifications, addressed to the Chief of People and Culture to email@example.com by Wednesday 14th December 2022.
Women are encouraged to apply. Please note that canvassing or lobbying will lead to the automatic disqualification of the candidate.
- Salary Offer 0 ~ Ush50000000 USD 0-ush50000000 Month
- Address Kampala, Kampala, Uganda