ICT Security Supervisor
Jobs at: PostBank Uganda
Deadline of this Job:
14 October 2021
Within Uganda, Kampala, East Africa
Date Posted: Monday, October 11, 2021, Base Salary: Not Disclosed
JOB TITLE: ICT SECURITY SUPERVISOR (1)
REPORTS TO: MANAGER ICT SECURITY
The Information Security Supervisor will be responsible for overseeing the day-to-day information security operations with a highly technical staff as they work to accomplish company and personal development goals and must, therefore, have proven leadership skills. Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements of the Information Security Supervisor position.
KEY RESULT AREAS/ DELIVERABLES:
Strategic Support and Management
• Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
• Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
• Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program.
• Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
• Participate in security incident and event management to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support, and in-house consulting in these areas.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including, but not limited to, privacy, risk management, compliance, and business continuity management.
• Liaise among the information security team and corporate compliance, audit, IT, legal and HR management teams as required.
• Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
• Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and supervisory expertise for the administration of security tools.
• Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
• Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
• Coordinate, measure, and report on the technical aspects of security management.
• Supervise and coordinate operational components of incident management, including detection, response, and reporting.
• Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
• Supervise the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
• Design, coordinate and oversee security-testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
• A bachelor's degree in Information systems, IT, Computer Science or its equivalent.
• At least one of the following certifications: CISM, CISSP, CRISC, and CASP+, or other certifications at the discretion of the direct line manager.
• A minimum of seven (5) years of IT experience, with three (3) years in an information security role and a minimum of one (1) year in a supervisory or team leadership role
• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
• The ability to interact with company personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
• Knowledge and understanding of relevant legal and regulatory requirements, such as National Cybersecurity Strategy for Uganda, Data Protection and Privacy Act, 2019, Computer Misuse Act 2011.
• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Project management skills: financial/budget management, scheduling and resource management.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• A strong understanding of the business impact of security tools, technologies, and policies.
• Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management, and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
• Experience developing and maintaining policies, procedures, standards, and guidelines.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
• Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Experience in system technology security testing (vulnerability scanning and penetration testing).
• Familiarity with application technology security testing (white box, black box, and code review).
Work Hours: 8
Experience in Months: 60
Level of Education: Bachelor Degree
Job application procedure
THE FOLLOWING DOCUMENTS SHOULD ACCOMPANY THE APPLICATION STRICTLY ONLINE:
• Detailed CV
• Certified copies of academic documents
• Applicant's address and daytime telephone/email contacts
• Postal/email address and daytime telephone contact of three referees of good standing in society.
MODE OF APPLICATION
Only online applications addressed to Chief HR & Admin Officer, PostBank Uganda. Send application to [email protected] with job title as subject, accompanied with copies of relevant academic documents.
Note: Only Shortlisted candidates will be contacted.
Closing Date: 14th October, 2021