Job Description
Advert Number: 2024 – 3
1.1 JOB TITLE: IS Security Manager
DEPARTMENT: RISK & COMPLIANCE
SECTION: IS Security
1.2 REPORTS TO:
Head of RISK & COMPLIANCE
1.3 SUPERVISES:
IS Security Officers
2.0 PURPOSE OF THE JOB
The position is responsible for securing the Sacco ICT Systems through continuous risk
assessment and development of risk mitigation mechanisms. This involves leading and
providing a focal point for security and information risk matters. The incumbent jobholder
will also be responsible for developing plans to improve information security at the Sacco.
3.0 KEY RESPONSIBILITIES/ACCOUNTABILITIES
Key responsibilities
Carries out technical vulnerability assessments of IT systems and processes, identifying
potential vulnerabilities, makes recommendations to control any risks identified
and ensures they are implemented.
Responds rapidly and effectively to IT security incidents, managing them in a
professional manner, including computer forensics for evidence gathering and
preservation. This includes appropriate and sensitive handling of affected staff and
efficient liaison with external and law enforcement agencies when required.
Responsible for the coordination of regular Information Security Reviews in the Sacco;
conducts assessments of departmental systems, processes and infrastructure, and
makes recommendations to minimize risks identified.
Works closely with the Head of Risk & Compliance to ensure that the Sacco’s policies
and procedures for Information Security are effectively adhered to.
Provides high quality Information Security guidance documentation and training.
Leads by example and provides good security guidance and advice on best practice
to service managers and staff at all levels
Oversees the ISS information security risk register and carries out actions to mitigate
risks identified
Liaises with external security agencies where required and ensures that any information
requested is provided on a timely and secure basis
Keeps up to date with security trends, threats and control measures
Liaises with Cyber Crime Unit in the National Police service.
Develops and maintains the information security policy and accompanying standards,
procedures and guidance
Develops and delivers a programme of planned compliance reviews and ensures any
gaps are addressed
Promotes security awareness by developing and implementing a security awareness
and training programme
Investigates suspected and actual security incidents in accordance with the security
incident management standard, produces reports with recommendations and ensures
any remedial action is taken
Works with internal stakeholders to develop relationships to help promote and
improve information security and provides security advice on procurements, projects
and new initiatives as required
Provides input to the wider development of the information governance strategy
and business planning process
Maintains currency with emerging security trends, risks, new guidance or standards
(internal and external) and security enhancing technologies
Other responsibilities
Performs any other responsibilities as may be assigned from time to time.
4.1 Experience
5 years’ experience
4.2 Academic Qualification
Degree in computer systems design or computer science or related field.
4.3 Professional Qualification
ISACA, CISM Certification
4.4 Technical Skills, General Skills & Personal Attributes
Technical Skills
Excellent knowledge of the working of IT systems
Investigation skills
Knowledge and ability to identify information security breaches
Ability to establish an information security monitoring system
Programming skills
Network skills
General Skills
Ability to lead and deliver change and contribute to culture change successfully
Excellent written and oral communication skills.
Excellent listening and interpersonal skills.
Strong customer-service orientation.
Ability to communicate ideas in both technical and user-friendly language.
Highly self-motivated and directed.
Keen attention to detail.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Experience working in a team-oriented, collaborative environment.
Supervisory Skills
Negotiation Skills
Conflict Management
People Management skills
Problem solving skills