Job Title: Information Security Compliance Manager
About NITA-U:
The National Information Technology Authority-Uganda (NITA-U) was established as a statutory body under the National Information Technology Authority, Uganda Act, 2009 as one of the key players in the Information and Communications Technology Sector. Its mandated is to coordinate, promote and monitor IT development within the context of national social and economic development, with a vision as “a facilitator of a knowledge-based, globally competitive Uganda where social transformation and economic development is supported through IT enabled services.”
Job Summary:
The Manager will possess the primary responsibility for a comprehensive security program that includes information security policies, compliance, and governance.
Key Duties and Responsibilities:
-Serves as the subject matter expert in the development, implementation, and maintenance of information related to all aspects of compliance.
-Partners with internal teams to manage control oversight, testing, gap analysis, remediation tracking, compliance documentation and evidence collection.
-Identify opportunities and develops tactical and strategic solutions for enterprise service delivery to meet regulatory compliance requirements in a holistic manner.
-Complete risk assessments and perform in-depth analysis of mitigating controls and financial risk, and documenting the risk.
-Provide expert advice, ensuring compliance, and conformance, on information risk analysis/management.
-Develop, implement and enforce suitable and relevant information security policies, ensuring that these are compliant with legislations and regulations related to information security; reviewing policies on a regular basis.
-Develop and implement, together with suitable materials, an information security awareness and training programme.
-Contribute to Business Continuity planning, training and processes.
-Investigate suspected and actual breaches of security and undertake reporting/remedial action as required.
-Maintain a log of any incidents and remedial recommendations and actions.
-Continuously assess the shortfall between both actual security measures in place and being effective and those established at a policy level thus highlighting deficiencies for remedial action.
-Establish and maintain a register of data owners for sets of information (e.g. paper files, databases) and educate the data owners on their responsibilities (what is the data, how is it used, who has access to it).
-Maintain Risk, Issue and Change registers for information security.
-Offer advice and take action, where necessary, in response to Audit findings and recommendations in respect of information security.
-Develop and implement a corporate culture of compliance and information security.
Qualifications, Skills and Experience:
-The applicant should possess a Bachelor’s degree in Computer Science, Information Technology, Information Science, Information Systems information Security or a related field from a recognized university
-A Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or Certified Information Security Auditor (CISA) credential is an added advantage
-A post graduate in a relevant field will be an added advantage.
-The applicant should possess at least three years’ experience in regulatory compliance oversight or information risk management.
-Networking and Operating Systems certifications / credentials.
-Wide understanding of information security knowledge and experience
-Proficiency working with recognized IT Security-related standards, technologies, principles, and practices (including ISO17799/27001).
-Significant broad IT experience, at least some of which has been in a security role.
-Thorough understanding of security requirements of Sarbanes-Oxley, ISO Certifications and Data Privacy laws.
-Working knowledge of applicable laws and the law enforcement community.
-Project management, collaboration, communication and organizational skills.
-Ability to work on own initiative as well as in a team;
-Excellent business acumen;
-Capacity to establish credibility, and trust and partnership;
-Analytical and problem –solving skills;
-Excellent interpersonal and communication and report writing skills;
-Experience with business continuity/disaster recovery planning and auditing.
-Experience in the development and delivery of training material.
-Experience in Open Systems, Internet and network security products and platforms, including intrusion detection/prevention, incident response and investigation, vulnerability assessments, data loss prevention and penetration testing
How to Apply:
All suitably qualified and interested candidates who meet the job requirements/specifications and with the right personal attributes are invited to submit their application form (which can be down loaded from the NITA-U official website www.nita.go.ug), with a cover letter, curriculum vitae, and must specify day time telephone contact, postal and email addresses of both the applicant and three referees, copies of certificates and testimonials to the address below. Applicants must also submit with their application verifiable evidence supporting previous relevant appointments such as appointment letters and employment contracts.).
NB: No application will be accepted without a duly signed standard application form.
The Executive Director,
National Information Technology
Authority – UGANDA (NITA-U),
Palm Courts, Plot 7A, Rotary Avenue (former lugogo bypass)
P.O. Box 33151, Kampala-Uganda
Tel: 0417 801 038
Or via email: hr@nita.go.ug This e-mail address is being protected from spambots. You need JavaScript enabled to view it
Deadline: 14th October, 2013 by 5 PM
No comments:
Post a Comment