JOB DETAILS:

Oversee IT security operations, IT continuity, and compliance, to safeguard all URA digital information, ensure regulatory compliance, and maintain business continuity.

PRINCIPLE ACCOUNTABILITIES

1. Cybersecurity Strategy and Leadership:  Develop and oversee the implementation of URA's cybersecurity strategy in response to the evolving threat landscape.

a) Create and update the cybersecurity strategy to address emerging threats.

b) Lead the cybersecurity team in implementing cyber-security measures.

c) Stay abreast of new cybersecurity trends, threats, and technologies.

d) Educate the management team on cyber risks and security best practices.

e) Develop, maintain, and enforce cybersecurity policies, procedures, and standards to ensure security of IT systems and data in line with URA’s digitalization efforts.

f) Implement & maintain URA’s Information Security Architecture, commensurate with international Standards to reduce risks to the IT assets.

2. IT Risk Management and Reporting: Provide objective IT risk reporting and manage cybersecurity risks.

a) Conduct unbiased assessments of URA’s cybersecurity posture and investigate information technology security violations to facilitate decision-making

b) Develop and implement IT risk management frameworks, and oversee IT risk assessments to evaluate the effectiveness of the IT Security

c) Monitor information technology systems to provide visibility into the effectiveness of controls and proactively identify security threats

d) Report cybersecurity status to senior management and executives.

e) Oversee regulatory compliance in IT security.

f) Manage stakeholder confidence in URA’s data security controls.

3. Security Incident Management and Response: Lead the response to security incidents and manage the resolution process.

a) Oversee the deployment, integration, and initial configuration of all new security solutions and enhancements to existing security solutions following best operational practices.

b) Develop and maintain a cyber-incident response plan.

c) Lead the incident response team to manage and mitigate security breaches and incidents, ensuring timely and effective resolution and communication.

d) Conduct post-incident analysis and implement preventive measures.

e) Liaise with external agencies for incident investigation and reporting.

f) Train staff in incident detection and response protocols.

4. Data Security and Third-Party Management: Ensure the security of URA’s data, especially in collaborations with third parties.

a) Define and Implement robust IT standards, data security policies and protocols.

b) Manage risks associated with third-party data sharing and integrations.

c) Conduct regular security audits and assessments across the URA technology ecosystem and the tax ecosystem to minimized Third Party risk

d) Oversee data protection impact assessments for new projects and technology implementations.

e) Assure compliance with data protection laws and standards

5. Digital Forensics: Identify, collect, analyse, and preserve electronic data in a manner that is legally admissible in court, as reliable evidence that supports various aspects of crime investigation, prevention and litigation, in order to safeguard URA’s digital assets against emerging threats.

a) Spearhead Investigation and Analysis assessments to conduct thorough investigations and forensic analysis of security incidents to understand the root cause, extent of damage, and necessary remedial actions.

b) Ensure proper collection, preservation, and documentation of digital evidence by legal and regulatory standards.

c) Produce detailed and accurate reports on findings from forensic investigations, providing insights and recommendations for future prevention.

6. IT Security Continuity and Compliance: Develop, Implement and coordinate plans to ensure URA can maintain operations during and after disruptive events while adhering to standard requirements.

a) Develop and implement IT Continuity plans to ensure the URA can continue to operate during and after an IT incident.

b) Ensure the Authority complies with all relevant laws, regulations, and standards, such as ISO 20000, ISO 22301, BS 25777, ITSCM, ISO/IEC 27031 and ISO/IEC 27001.

c) Lead or coordinate internal and external audits related to IT practice, ensuring continuous improvement and compliance with industry standards and best practices.

7. Cybersecurity Awareness and Training: Foster a culture of cybersecurity awareness across the organization.

a) Develop and implement a cybersecurity training program for URA staff.

b) Conduct regular cybersecurity awareness sessions for all staff.

c) Create and disseminate cybersecurity best practice guides.

d) Evaluate the effectiveness of cybersecurity training.

e) Promote a proactive approach to cybersecurity across departments.

8. Team Leadership: Plan and manage the performance and development of staff under jurisdiction to improve their productivity.

a) Plan and budget for resource requirements in the Division and monitor the usage to ensure efficiency

b) Develop and monitor a Business Work plan and develop performance agreements with all the staff under supervision

c) Monitor staff performance and provide guidance and periodic feedback for performance improvement

d) Assess the training and development needs of staff under supervision and recommend appropriate interventions

e) Provide coaching support to staff under jurisdiction

f) Initiate and implement activities/programs intended to create and harness teamwork in the Division.

g) Implement succession planning and any other staff-related programs as introduced and approved in the Authority.

Qualifications

PERSON SPECIFICATIONS
Essential Requirements
a)    An Honor’s Bachelor’s degree in either; IT or Computer Science, Information Systems, Software Engineering, Electrical Engineering, Telecommunication Engineering, Mathematics, Physics or any relevant related IT field from a recognized academic institution.
b)    ITIL foundations Certificate
c)    At least three Industry Certifications: CCNA, CEH, CISA, CISM, GSLC, GSNA, GCPM, CISSP, CGEIT, GCIH, CSSLP, ISO27001
d)    At least Seven (07) years’ experience in either Information Technology, IT Audit, IT Security or related discipline, five (05) which should have been attained at the middle management level in a reputable organization.
e)    Leadership training
f)    An impeccable record of integrity.

Desirable Requirements
a)    A Postgraduate qualification in an Information Technology discipline from a recognized academic institution.
b)    IT Network Security certifications; HP-UX, Checkpoint, Cisco etc
c)    ISO 27001 Implementation Certification
d)    Any IT Continuity and Compliance; CBCI, CBCP, ISO 22301
e)    Any Forensic Investigations certifications; EnCase, SANS Sift Kit, CFCE, GCFE, CHFI, CDFE, GCFA, GNFA
f)    Any Penetration Testing certification; Metasploit, BackTrack, CompTIA PenTest+, GPEN, LPT Master, C|PENT, OSCP
g)    Any Vulnerability Assessment Certification; Nexpose, Nessus, OSCP, CompTIA Security+, CVA, GEVA
h)    ArcSight SIEM, Sourcefire IDS/IPS, Imperva WAF/DAM exposure.

Knowledge
a)    Secure Software Development lifecycle principles
b)    In-depth knowledge of TCP/IP Protocol
c)    Demonstrated understanding and familiarity with common penetration testing methods and standards, as well as an understanding of security issues on both Microsoft and UNIX/LINUX operating systems
d)    Solid understanding and ability to apply commonly used concepts, practices, and procedures in the Information Security field including operating systems and network security, application security, vulnerability analysis, encryption technologies, intrusion detection, incident response, business continuity management, etc.
e)     Experience with conducting Threat and Risk assessments of IT systems, applications, and networks
f)     Knowledge of technologies and methods used for vulnerability and threat risk assessments
g)    Strong broad technical expertise in analyzing complex IT systems and providing options for remediation alternatives

SPECIAL SKILLS AND ATTRIBUTES
The candidate must be able to demonstrate;
a)    The job holder must have strong communication and interpersonal skills with the ability to think quickly and creatively, especially in crisis times.
b)    High level of organizational capability and demonstrated maturity in handling self and dealings with a diversity of people within and outside the Organization.
c)    Firm, assertive and able to handle difficult clients and scenarios.
d)    Strong problem diagnosis and problem-solving skills.
e)    Proactive with the ability to work under pressure and minimum supervision.
f)    Strong conceptual and analytical skills.
g)    Excellent team building, leadership and team mobilization skills.
h)    Must have strong interpersonal relationship skills and be able to develop, manage and influence the working and trust of top-level executives within and outside the organization.
i)    Ability to develop others through coaching, mentoring and guiding the professional growth of staff under supervision.
j)    Excellent oral, and written communication and public speaking skills.
k)    A confident, assertive, self-driven individual with a sense of self-esteem.
l)    Must be able to manage highly confidential information,
m)    Should be agile and results-oriented.