IT Security Officer at African Management Services Company - AMSCO

Job description

Reports To: Head of Enterprise Risk

Job Purpose: Establish an effective mechanism that can identify, measure, monitor, and control the risks inherent in institutions’ ICT systems, ensure Data integrity, availability, confidentiality, security and consistency and provide the relevant early warning mechanism.

Job Dimensions

People;

Liaison with IT teams

• Processes / Projects;
  • Implementation of the Risk Framework Document- IT Risk Aspects & other assigned risks.
  • Periodic review of the Information Technology Risk Framework.
  • Development and Maintenance of Risk Registers.
  • Develop and continuously revise KRIs for ICT & Security Risks.
  • Defining and revising risk appetites for IT and Security related Risks
  • Monthly update of the detailed ICT Risk Register.
  • IT Security Policy implementation review for compliance
  • Domain and Anti-virus Systems clean-up procedures and review.
  • Systems Access Control Management.
• Profile Rights/Access issue for Igor/MIS/Cellulant users.
  
  • Coordinating review and change of systems passwords, and safe storage.
  • Systems users review and cleanup of applications.
  • Preparation of the Monthly Dashboards and Board Report on ICT risk
  • Conducting daily IT Risk/Security Monitoring checks.
  • Preparation of plans and measures on action points in ICT Risks following review of Risk event reports.
  • Overseeing Disaster Recovery Planning/BCP systems testing, implementation and improvements.
  • Carrying out IT Security Systems Assessments and Reporting for planned and new systems implemented in the enterprise
  • Implementation of revised CBK Risk Management guidelines on ICT Risk.
• Cyber Security Intelligence and Training.
  
  • Issue tip of the week updates to all staff through heads
  • Research and update into the latest cyber security news and trends.
  • Cyber security training in Risk Champions, CSM, BM and other staff meetings
• Operating Environment
  
  • Conduct Semi-Annual Risk Champions Training on emerging ICT Risks and Security.
  • Participate in service manager meetings and other IT meetings
• Other
  • Close Follow up for implementation / closure of vulnerabilities as detailed in the various reports.
  • Assist the Head of Enterprise Risk with monthly following up for implementation of risk issues
  • Chair the DR Committee meeting. - Ensure Meetings are held monthly
  • Other special assignments as assigned by the Head of Enterprise Risk
  • Attend adhoc project meetings.

Key Responsibilities

• ICT Risk & Security Reporting
• IT Security Systems Assessments and follow-up
• Development and Maintenance of Risk Registers and Risk event reporting
• IT Security Management & Procedure development
• Disaster Recovery Planning and Testing
• CBK prudential guidelines implementation
• System Access Control Management
• Risk Awareness – Cyber Security Intelligence and training.
• Learning & Growth, and leave management & utilization

Minimum Knowledge, Qualifications and Experience required

• A Bachelor’s degree in an ICT related field.
• Professional Qualification in security related field
• Knowledge of Networking and Network Security principles.
• 3 years’ experience in ICT and Security related roles.

Functional & Behavioural Competencies required for this Role

• Excellent technical skills.
• Creativity and Ingenuity
• Leadership and teamwork
• Problem-solving and decision-making abilities;
• Analytical skills and keen on detail;
• Good communication and presentation skills;