Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH
To enable the worldwide protection of all critical information processed by GIZ, the establishment of an Information Security Management System (ISMS), and therefore of Information Security Officers in the field structure, is indispensable. Through the company-wide certification of its information security management to the international standard ISO/IEC 27001 (ISO27001), GIZ targets a wide variety of permanent restructuring processes, all of which require experts to coordinate and maintain these changes. While company-wide coordination lies with the Chief Information Security Officer (CISO) and his/her Information Security Management Team (ISMT) located at headquarters, the extensive local establishment and continuous operation of information security needs the support of a new local role, which works closely with existing local roles such as IT-Professionals and DIPAs. Concerning existing roles, it is important to note that Information Security Officers cannot at the same time be IT-Professionals, due to conflicts of interest.
GIZ is recruiting an Information Security Officer to support the implementation of its programmes.
We encourage women, people with disabilities and minority groups to apply for this position. GIZ is committed to equal opportunities and diversity of perspective in the workplace.
Key Responsibilities
The Information Security Officer (ISO) will be responsible for:
• Establishing and later managing the security incident process
• Accompanying the audit management process
• Local representative of the information security organization and thus the Information Security Management System (ISMS)
• Acting as Single Point of Contact (SPOC) for information security
• Providing structured reporting to the CISO
• Recording the status of information security
B. Specific Tasks
The Information Security Officer fulfils the following tasks:
• Responsible for elaborating, reviewing, and updating the local security concept, the coordination and implementation of measures and guidelines/concepts, as well as the adaptation of guidelines/concepts to local conditions.
• Coordinates existing awareness measures and is, to a limited extent, personally responsible for the awareness/training efforts concerning information security among employees.
• Responsible for the control of the effectiveness of security measures, for revisions and audits, and for ensuring the investigation of security-related incidents and the coordination of their reporting (reporting system).
• As representative of the Information Security Management System Team (ISMS Team) and a sort of local counterpart of the CISO, the Information Security Officer (ISO) also has the permanent task of reporting to the CISO and supplying the necessary information for the management report of the CISO.
• Provides continuous consulting on information security topics and the constant operation of risk management and level estimation of information protection requirements.
• Implement and manage the security incident process.
• Support and accompany the audit management process, possibly including the local coordination of “penetration testing”.
• Create and implement a functioning vulnerability management.
• Ensure, through a structural analysis via asset recording, an up-to-date and complete asset inventory in cooperation with asset owners.
• Responsible for reviewing and updating the local information security concept, the coordination and implementation of measures, and the communication and implementation of guidelines/concepts.
Other Duties/Additional Tasks
• Performs other duties and tasks at the request of management.
Required qualifications, competences, and experience
Qualifications
• Bachelor’s degree in information security management or related area.
Professional experience
• At least 5 years’ professional experience in a comparable position.
• Experience in conducting audits.
Knowledge and experience in information security
• Basic knowledge of the current Microsoft software and services ecosystem.
• Methodological competence in: ISO/IEC 27001, risk management, vulnerability management, audit.
• Has overview of tasks and objectives of the institution and can evaluate and classify them with respect to information security.
Other knowledge, additional competences
• Excellent communication skills.
• Ability to work independently.
• Knowledge of English language level C; knowledge of German language is an asset.
• Willingness to travel within Uganda and abroad.
The post Information Security Officer at Future Options Consulting Ltd appeared first on Jobweb Uganda.