Information Systems Security Officer (MIS/IT 5)

Organisation
Accountant General's Department
Reference
VAC-47150
Contract Type
Full-Time
Industries
Information & Communication Technology, Management
Location
Kingston
Salary & Benefits
$3,770,761 - $5,071,254 per annum
Date Posted
31/10/2023
Expiry Date
14/11/2023
As Information Systems Security Officer, you'll conduct vulnerability scans, develop corrective plans, perform security audits, and maintain IT Security Policy for AGD's security compliance.

 

Job Purpose

Reporting to the Director of Information Technology, the Information Systems Security Officer will perform vulnerability scans of all AGD applications, network, servers, databases and end user machines to identify existing and potential threats. The incumbent develops plans to perform corrective actions and mitigate threats. The incumbent also performs the necessary security audits and maintains an organizational IT Security Policy, positioning the AGD for future ICT audits and to enable enterprise-wide security compliance. 

 

Summary of the broad purpose of the position in relation to Government’s goals and strategies to:

  • Perform vulnerability scans 
  • Design and execute penetration testing 
  • Perform security audits 
  • Continuously fine-tune the AGD’s Antivirus software 
  • Develop and maintain IT Security Policy 
  • Develop and deliver enterprise-wide security courses that will educate AGD staff on the Security Policy and overall security awareness, in order to strengthen end users, who are the weakest link in Enterprise Security. 

 

Key Responsibilities 

Technical: 

  • Creates information security strategies, both short-term and long-range, in support of the AGD’s goals; 
  • Directs an ongoing, proactive Risk Assessment Programme for all new and existing systems and remains familiar with the AGD’s goals and business processes, so that effective controls can be implemented for those areas presenting the greatest information security risk; 
  • Communicates risks, and recommendations to mitigate them, to the Director, Information Technology in cost/benefit terms and in a format relevant to Senior Administrators, so decisions can be made to ensure the security of information systems and information entrusted to the AGD; 
  • Oversees all ongoing activities related to the development, implementation, and maintenance of the AGD’s Information Security policies and procedures; 
  • Ensures vulnerabilities are managed by directing periodic vulnerability scans of servers connected to AGD’s Network; 
  • Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts; 
  • Evaluates security incidents, determines what response, if any, is needed, and coordinates responses, including Technical Incident Response Teams, when sensitive information is breached; 
  • Identifies vulnerabilities in our current network by: 
    • Developing and implementing a comprehensive plan to secure our computing network 
    • Monitoring network usage to ensure compliance with security policies 
    • Keeping up to date with developments in IT security standards and threats 
    • Performing penetration tests to find any flaws 
    • Collaborating with management and the IT Unit to improve security 
    • Documenting any security breaches and assessing their damage 
  • Develops Security Awareness Courses to be delivered to all AGD end users by: 
    • Educating and assessing all end users on Security Threats and best practices for the Enterprise environment 
    • Educating and assessing all users on the AGD ICT Security Policy and security software 
    • Educating and assessing all end users on security threats and best practices to be employed outside of the Enterprise environment 
  • Performs any other related duties that may be assigned from time to time. 

 

Required Knowledge, Skills and Competencies

Core: 

  • Good oral and written communication skills 
  • Good problem-solving and analytical skills 
  • Good customer focus skills 
  • Results focus 
  • Integrity 

Technical: 

  • Strong knowledge and understanding of Data Security Management 
  • Strong knowledge of information systems environment, legislation, policies, procedures and standards 
  • Good knowledge of Project Management methodologies 
  • Good knowledge of security and control features of operating systems, databases and network devices 

 

Minimum Required Qualification and Experience

Essential: 

  • Undergraduate Degree in Computer Science, Information Technology or Management Information System; 
  • Professional Certification: CompTIA Security+, Certified Information Privacy Technologist (CIPT) or equivalent; 
  • Two (2) years of experience in Information Security Management; 
  • Experience in computer and networking infrastructure, operating systems and application software development; 
  • Experience in Project Management; 
  • Experience in Regulatory Compliance and Risk Management. 

Desirable: 

  • Microsoft Certified Technology Specialist (MCTS); 
  • Microsoft Certified Solutions Expert (MCSE); 
  • Project Management Professional (PMP). 

 

Specific Conditions Associated with the Job

  • Pressured working conditions with numerous critical deadlines. 

 

 

Please note that only shortlisted applicants will be contacted.

 

Region: 
Kingston
Occupational fields: 
Other
Required degree level: 
Other

This job posting has been provided by an external employer. The Jamaican Jobs Online is not responsible for the accuracy, authenticity or reliability of the content.