Information Security Manager at Mumias Sugar Company
We invite applications from suitable candidates to fill the following position:
To plan, design, implement and maintain programs, policies and management systems in Information security; and to protect systems and data from intentional or inadvertent access or destruction; and perform all procedures necessary in order to ensure the safety of information assets and MSC information, while ensuring the confidentiality, integrity and availability of critical information and information assets.
Principal Accountabilities:
Reporting to the Chief Security Officer with a dotted line to the Director of ICT, the Information Security Manager will have the following responsibilities;
- Develop an Information Security Program, liaise closely with business process owners for ongoing alignment; provide subject matter expertise and administrative support, advise management on new Information Security risks or where existing controls are failing.
- Carry out periodic risk assessment on information systems, identify information security risks and exposures, and develop risk assessment strategies in order to determine information systems security needs
- Develop, revise, manage and enforce the necessary information systems (IS) security policies, standards and controls and regulatory controls across multiple platforms; evaluate roles and access levels, carry out Information Security Incident management
- Plan, design, implement and closely monitor end – to – end security systems and software; develop and implement monitoring and metrics approaches; monitor utilization and the effectiveness of security resources; direct, monitor and report on security activities, prepare procedural documentation
- Deliver computer forensic services as required and carry out periodic vulnerability and penetration tests in order to conform to audit standards and requirements.
- Carry out periodic business impact assessments; manage Business Continuity Planning, implementation and review and co-ordinate ICT disaster recovery planning and testing activities
- Develop and carry out Information Systems user privacy and security training and awareness programs in order to increase and enhance user information security literacy levels.
- Certification in Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Security Manager (CISM) is desirable and a definite advantage
- Technical knowledge and experience in network and information systems security and well informed on current trends and issues.
- Able to perform business wide risk analysis and risk assessment and develop risk mitigation strategies to ensure business strategies are adhered to.
- Analytical in approach with the ability to collate and analyse data from various sources in order to effectively understand and resolve information security problems.
- Able to design and implement change management procedures and monitor and control the change management process.
- Able to consistently achieve standards in organizing, planning, and managing activities in Information Security.
- Can effectively communicate across all levels of users, management and other third parties
- Targets and achieves results, sets challenging goals, prioritizes tasks, overcomes obstacles & accepts accountability
- Proactive with self confidence and high energy level: ability to initiate and drive opportunities to utilize technology independently and reliably. The discipline to work alone and ability to work collaboratively as part of a high performance team
- Highly motivated and have the desire to play an instrumental role in helping the organization succeed and grow
- A good listener with the ability to adopt change/initiatives that best leads to the achievement of a desired goal. An individual who is responsive to users and business needs
- Models organizational values; firmly adhering to codes of conduct and ethical principles. Be a person of very high integrity and discipline and ensure secure and controlled access to systems
ictjobs@mumias-sugar.com