Job Description
Overall Responsibility
The job holder will be responsible for providing and ensuring security of the Sacco's information technology systems and infrastructure.
Key Responsibilities
• Develop and implement security policies, procedures, and guidelines specific to the Sacco in line with industry regulations and best practices.
• Managing the daily operation and implementation of the IT security strategy.
• Identify and assess security risks to the Sacco's systems, including data breaches, unauthorized access and other threats.
• Conduct security awareness training for Sacco employees to educate them about security best practices and potential risks.
• Manage user access to systems and data ensuring that only authorized personnel have access to sensitive information.
• Develop and maintain an incident response plan to address and mitigate security incidents, such as data breaches or cyberattacks.
• Continuously monitor for vulnerabilities in the Sacco's IT infrastructure and applications and implement patches and updates to address these vulnerabilities.
• Implement security monitoring tools and techniques to detect and respond to security threats and anomalies in real-time.
• Ensure that the Sacco complies with relevant data protection and cybersecurity regulations, such as the Data Protection Act and any industry-specific requirements.
• Conduct regular security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement.
• Develop and maintain disaster recovery and business continuity plans to ensure the Sacco can recover from a security incident or system failure.
• Evaluate, select and implement security technologies, such as firewalls, intrusion detection systems and encryption to protect the Sacco's systems and data.
• Report security incidents to relevant authorities and management as required by the regulations.
• Collaborate with other departments and external partners to ensure a comprehensive approach to security, including legal, compliance and IT team.
• Maintain comprehensive documentation of security policies, incident reports and security configurations.
• Conduct an annually Vulnerability Assessment Testing (VAPT).
• Liaising with the ICT manager to manage IT security budget and communicating this with appropriate parties.
• Promote a culture of security awareness and best practices throughout the organization.
• Manage information security assessment requests, evaluate vendor products and services and advise management of risks and best security practices.
• Perform any other relevant duties as may be assigned from time to tim
Qualifications.
• A Bachelor’s Degree in ICT/Computer Science/Computer Systems design or ICT related field from a recognized university.
• Certification in ICT security.
• Professional qualification of Certified Information Security Manager (CISM)/CISA/Certified Risk and Information System Control (CRISC) and other related field.
• A minimum of three (3) years working experience in systems security preferably in a financial institution.