Information Security Specialist

at National Social Security Fund (NSSF)
Location Kampala, Uganda
Date Posted February 20, 2025
Category IT / Information Technology, NGO, Security
Job Type Contract
Currency UGX

Description

JOB DETAILS:
Job Purpose:
To identify, assess, and make recommendations that will manage and mitigate the organization's Information Security risks.

Duties and Responsibilities include:
• Implement information security and privacy policies, standards and procedures to protect the Fund from internal and external threats.
• Review and assess information security risks within new and existing systems, processes, policies and procedures and recommend relevant controls.
• Conduct continuous vulnerability assessments and regular penetration tests on the Fund’s systems.
• Work with all key process and system owners to ensure security and data privacy controls are considered at the outset of new projects, products and initiatives.
• Administer information security monitoring systems for incident detection, response, risk mitigation and threat management.
• Implement identity management and access control strategies, policies, procedures, standards, and guidelines.
• Create, revoke and manage identities/access for personnel, service accounts, applications, devices etc.
• Control and monitor access to the Fund’s information assets to identify unauthorized access and potential malicious activities.
• Conduct regular user access reviews in collaboration with system, process and data owners. Conduct regular audit log reviews and report any unusual or suspicious activities.
• Work with system and process owners to develop, implement and maintain access control lists and matrices.
• Establish, administer, and monitor privileged user accounts in accordance with a role-based access scheme.
• Support the Data Protection Officer in conducting data privacy impact assessments.
• Ensure that the IT infrastructure and systems are configured with appropriate technical controls to safeguard them against malicious attacks.
• Monitor compliance with information security policies, guidelines and standards and applicable laws and regulations.

Education Requirements:
• A Bachelor’s Degree in Information Systems, Information Technology, Computer Science, Software Engineering or related field.
• Professional qualifications: CEH, CISA or related certifications.

Work Experience:
• Minimum of 3 years' experience in conducting IT risk or information security responsibilities in a substantial organization.
• Experience in administering information security tools, identity management and access control systems is an added advantage.

Key Competences:
• Strong understanding of information security risk, controls and principles
• Sound knowledge of information security technologies e.g., WAF, NAC, SIEM, DLP, IAM, EDR
• Understanding of Cloud technologies and the associated risks
• Knowledge of networking protocols
• Strong analytical, decision-making and problem-solving skills
• Ability to explain complex security issues to non-technical stakeholders
• Positive attitude towards learning and development
• Ability to work with critical deadlines and prioritize workload effectively.
• Knowledge of the Data Protection and Privacy Act and applicable regulations, National Information Security Framework, ISO 27001, NIST standards etc.

WARNING: Do not pay any money to get a job. Please report fraudulent jobs to info@everjobs.ug