Information Security Manager & Data Protection Officer (1 Position)
ENTERPRISE RISK MANAGEMENT
JOB TITLE: Information Security Manager & Data Protection Officer (1 Position)
JOB GRADE: D5
REPORTS TO: CHIEF RISK OFFICER
DEPARTMENT: ENTERPRISE RISK MANAGEMENT
DUTY STATION: HEADQUARTERS
Job Purpose:
Ensure the integrity and confidentiality of the Fund’s data, to safeguard the members' interests and protect the Fund's image.
Duties and Responsibilities include:
- Develop and implement the Fund’s information security risk strategy to safeguard the Fund’s IT infrastructure and systems and protect the Fund’s data.
- Establish and maintain information security policies, processes, procedures, and system security baselines.
- Monitor the Fund’s information technology architecture and advise management on emerging cyber threats that may affect the Fund’s information assets and operations.
- Promote and conduct security awareness by developing and implementing a security awareness and training programme across the Fund.
- Conduct periodic information technology risk assessments, penetration tests and vulnerability assessments and advise management on remediation measures.
- Conduct risk assessment and testing of new technologies to enhance the Fund’s information security infrastructure.
- Coordinate disaster recovery tests to ensure that the Fund can return swiftly to normal operations in case of a disaster.
- Investigate information security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken.
- Develop, implement, and maintain policies and procedures that enforce compliance with the Data Protection and Privacy Act (DPPA) and regulations.
- Train staff on their responsibilities concerning data privacy and protection.
- Act as a contact point for the Data Protection Office and data subjects regarding the processing of their personal data and the exercise of their rights.
- Conduct data protection compliance audits and provide updates on the compliance of the Fund.
- Monitor the Fund's compliance with the Data Protection and Privacy Act (DPPA), and other applicable data protection legislation and regulations.
Education Requirements:
- A Bachelor’s degree in Information Technology, Information Systems or Computer Science, or a related field.
- Professional qualifications: CISSP or CRISC or CISM.
Related Job Experience: 7 years' experience in information security management, 3 at the managerial level.
Interested individuals should click https://forms.office.com/e/Y43aztjN88 to fill out the application form and also send copies of their application letter, curriculum vitae and academic qualifications, addressed to the Chief of People and Culture to recruitment@nssfug.org by Monday 18th March 2024.
Women are encouraged to apply. Please note that canvassing or lobbying will lead to automatic disqualification of the candidate and that providing minimal information or not attaching the required documentation may lead to the disposition of your candidature due to insufficient information provided.