Information Security Officer, Country Office GIZ

Organization details
To enable the worldwide protection of all critical information processed by the GIZ, the establishment of an Information Security Management System (ISMS), and therefore of Information Security Officers in the field structure, is indispensable. Through the company-wide certification of information security management under the international standard ISO/IEC 27001 (ISO27001), the GIZ targets a wide variety of permanent restructuring processes, all of them requiring experts to coordinate and maintain these changes. While the company-wide coordination lies with the Chief Information Security Officer (CISO) and his/her Information Security Management Team (ISMT) located at the headquarters, the extensive local establishment and continuous operation of information security needs the support of a new local role, which works closely together with already existing local roles such as IT-Professionals and DIPAs. Concerning existing roles, it is important to note that Information Security Officers cannot at the same time be IT-Professionals, due to conflicts of interest.

Number of vacancies: 1
Sector: Civil society
Industry: IT, NGO

Knowledge, Skills & Competences
1. Basic knowledge of the current Microsoft software and services ecosystem.
2. Methodological competence in: ISO/IEC 27001, risk management, vulnerability management, audit
3. Has overview of tasks and objectives of the institution and can evaluate and classify them with respect to information security.
4. Excellent communication skills.
5. Ability to work independently.
6. Knowledge of English language level C; knowledge of German language is an asset.
7. Willingness to travel within Uganda and abroad.

Responsibilities
Key Responsibilities
The Information Security Officer (ISO) will be responsible for:

1. Establishing and later managing the security incident process.
2. Accompanying the audit management process.
3. Serving as local representative of the information security organization and thus the Information Security Management System (ISMS).
4. Acting as Single Point of Contact (SPoC) for information security.
5. Providing structure reporting to the CISO.
6. Recording the status of information security.

The Information Security Officer fulfils the following tasks:
Specific Tasks

1. Responsible for elaborating, reviewing, and updating the local security concept, the coordination and implementation of measures, guidelines/concepts as well as the adaptation of guidelines/concepts to local conditions.
2. Coordinates existing awareness measures and is to a limited extent personally responsible for the awareness/training efforts concerning information security among employees.
3. Responsible for the control of the effectiveness of security measures, for revisions and audits and for ensuring the investigation of security-related incidents & coordination of their reporting (reporting system).
4. As representative of the Information Security Management System Team (ISMS Team) and local counterpart of the CISO, the Information Security Officer (ISO) also has the permanent task of reporting to the CISO and supplying the necessary information for the management report of the CISO.
5. Provides continuous consulting on information security topics and the constant operation of risk management and level estimation of information protection requirements.
6. Implement and manage the security incident process.
7. Support and accompany the audit management process possibly including the local coordination of “penetration testing”.
8. Create and implement a functioning vulnerability management.
9. Ensure, through a structural analysis via asset recording, an up-to-date and complete asset inventory in cooperation with asset owners.
10. Responsible for reviewing and updating the local information security concept, the coordination and implementation of measures and the communication and implementation of guidelines/concepts.

Other Duties/Additional Tasks
Performs other duties and tasks at the request of management.

Qualifications
1. Bachelor’s degree in Information Security Management or related area.

Details of experience
1. At least 5 years’ professional experience in a comparable position.
2. Experience in conducting audits.
3. Knowledge and experience in information security.
