Job Vacancy For Manager, Information Security Compliance and Data Protection
Job Summary
• The successful candidate will join our team as a Manager for Information Security Compliance and Data Protection in the IT Department.
• (S)he will report to the Information Security Officer and will support and maintain the overall Information Security and Data Protection program for his or her operation.
• (S)he will provide technical expertise in all aspects of AT information security and Data Protection compliance for all applicable regulations.
• (S)he will also be responsible for enterprise information security program, Data Protection and Privacy policy and procedure documentation, enterprise information protection and enterprise security awareness program. The Manager, Information Security Compliance and Data Protection will monitor and follow up on all implemented Security Systems, Data Protection and Privacy in the company, including Information Systems Access Control, Information Security Incident Management, Information Asset Management, Communications, change management, Operations System Management and Data Protection Impact Assessment.
Key Responsibilities
• Provides subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including NERC CIP, HIPAA, and SOX.
• Informing and advising the organization and its employees of their data protection obligations.
• Monitoring the organization’s compliance with the GDPR and internal data protection policies and procedures. This will include monitoring the assignment of responsibilities, awareness training, and training of staff involved in processing operations and related audits.
• Advising on whether a DPIA is necessary, how to conduct one and expected outcomes.
• Serving as the contact point for the Company (or other relevant supervisory authority) on all data protection issues, including data breach reporting.
• Serving as the contact point for data subjects on privacy matters, including DSARs (data subject access requests).
• Coordinates enterprise policies and procedures with internal subject matter experts.
• Recommends, implements, and maintains technical and procedural controls to provide regulatory compliance in the most reasonable and cost-effective manner.
• Interprets standards, requirements, and their application to the enterprise environment in cooperation with operational area security administrators.
• Responsible for protection of all enterprise electronic information maintained in computing platforms and repositories for the purpose of meeting regulatory compliance for all corporate systems, applications, and data, to minimize potential legal, regulatory, and reputational risk from regulatory non-compliance, unauthorized access, or loss of confidential data.
• Acts as a subject matter expert to process and respond to potential and actual cyber security incidents, or alerts issued through the ES-ISAC, ICS-CERT, US-CERT as applicable to enterprise systems and operations.
• Participates in internal and external audits and reviews to ensure compliance with regulatory standards, internal security policy, and coordinates with internal audit staff, as appropriate.
• Acts as a liaison with other internal groups in the implementation of regulatory compliance solutions utilized by the Mandatory Reliability Standard Compliance Program.
• Responsible for enterprise security awareness function and related activities.
• Assists team members and internal clients in addressing highly complex security issues applicable to enterprise environment.
SUPERVISORY RESPONSIBILITIES:
• Hires, trains, evaluates, rewards, and terminates employees. Designs, organizes, prioritizes, schedules, and leads work assignments.
• Fosters good working relationships with various groups. Appraises performance, rewards, and disciplines employees, addresses complaints, and resolves problems.
• Supervises employees on regulatory matters and indirectly supervises and guides enterprise employees, contractors, and electronic system users for performance of job functions in accordance with enterprise security programs and policies to maintain compliance with all regulatory requirements.
COMMUNICATION SKILLS:
• Ability to respond effectively to highly sensitive inquiries or complaints.
• Ability to effectively give persuasive speeches and presentations on controversial or complex topics to various audiences.
• Ability to read and interpret complex documents such as safety rules, operating and maintenance instructions, and procedure manuals. Ability to write complex reports, regulatory documents, policies, and correspondence. Ability to speak effectively before groups of customers or employees of the organization.
COMPUTER SKILLS:
• In-depth knowledge and experience with mainframe and client/server applications and information security issues.
• Strong working knowledge of currently marketed security tools and technologies.
• Strong working knowledge of industry regulations (NERC CIP, Sarbanes-Oxley, PCI) and industry security standards (NIST, ISO).
ANALYSIS AND PROBLEM-SOLVING ABILITY:
• Ability to strategically approach issues. Ability to be proactive, adept at working with cross-functional teams and stakeholder groups.
• Ability to synthesize complex information. Ability to apply creativity to problem solving and utilize analytical skills and modeling capabilities to provide ongoing insight into the business and to make recommendations and decisions.
• Ability to identify and develop remediation or mitigation plans as necessary. Ability to coordinate with, and lead, cross-functional team of technical experts.
DECISION MAKING
• Conducts, coordinates, and guides enterprise Information Security program, policy, and procedure development activities and practices within the bounds of approved security programs and policies, and in accordance with generally accepted information security standards and regulatory requirements.
SCOPE AND IMPACT
• Electronically protects all enterprise electronic information maintained in computing platforms and repositories for the purpose of meeting regulatory compliance for all corporate systems, applications, and data. Electronic protection of systems within the scope of this position is intended to minimize potential costs directly related to legal, regulatory, and reputational risk from regulatory non-compliance, unauthorized access, or loss of confidential data.
• Failure to protect systems and data from unauthorized electronic access exposes the Company to heightened regulatory oversight and monetary sanctions, and increases vulnerability to malicious cyber-attack against Company cyber assets essential to enterprise operations.
PHYSICAL DEMANDS
• While performing the duties of this job, the employee is frequently required to stand, sit, and/or walk up to 2/3 of the time.
Qualification Required & Experience
• Bachelor’s degree in Information Technology, Computer Science, Telecommunications or another technology-related field preferred, or equivalent experience.
• Professional certification, such as MCSE, CCNA/CCNP, CISA, CEH or other information security credentials, is preferred.
• At least 2-3 years of experience in a combination of Information Security, Data Protection and Privacy, networking, or IT jobs, preferably in telecommunication companies, banking, high technology companies or auditing firms in similar positions.
CERTIFICATES, LICENSES, REGISTRATIONS
• Certification in a security or systems control related field, or working towards achieving one: ISO 27001 LA, CISSP, CISA, or CISM.
CORE COMPETENCIES
• Passionate about information risk and security - a font of knowledge and energy, with a strong almost evangelical drive and enthusiasm for the subject.
• An inspirational leader – keen to motivate and get the most out of the organization’s information risks and security experts, aligning colleagues towards the achievement of business objectives.
• Good at forming productive working relationships - liaising with various specialists, advisors, managers, and influencers throughout the organization, plus third parties such as business partners, suppliers, staff, authorities etc., on information risk and security matters.
• A strategic thinker – able to step back from the short- and medium-term issues to see the longer-term changes and threats relating to information, and to both engineer and seize valuable opportunities for improvement.
• Personal integrity and credibility – noble ideals, tempered by a pragmatic, realistic approach.
• In-depth management, negotiation, technical skills, and demonstrated leadership and customer service skills.
• Ability to utilize working knowledge of information security best practices such as the NIST 800 series, ISO 27000 series, ISA, or COBIT.
• Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology.
• Ability to understand enterprise business computing operations/requirements and fundamental power generation operations. Knowledge of forensics, incident analysis, and incident response management.
• Demonstrated skills in personnel management, budget management, and conflict management.
• Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions.
• Ability to organize, create, and deliver technical proposals and presentations to peers and management; ability to understand and interpret laws and regulatory requirements related to information protection, and to develop and implement appropriate processes to keep the Company in compliance and reduce legal liabilities.
• Project Management knowledge and experience a strong plus.
KEY PERFORMANCE INDICATORS
• 90% success rate on audits of IC standard security and Data Protection and Privacy procedures.
• 99% reporting on technical findings, patterns and recommendations covering, but not limited to, the following control objectives:
• Accounts Management
• Access Enforcement
• Information Flow Enforcement
• Separation of Duties
• Least Privilege
• Security Awareness and Training
• Continuous Monitoring of Information
• User Identification and Authentication
• Media Access
• Media Storage
• Media Transport
• Media sanitization and Disposal
• Physical Access Control
• Information Leak
• Security Categorization
• Enterprise Data Classification Program
• Data Protection Impact Assessment
Location: Accra
How To Apply For The Job
Interested and qualified applicants should send their Applications & Curriculum Vitae to:
Recruitment@at.com.gh
Kindly indicate the role you are applying for in the email subject.
Closing Date: 18 December, 2023
Ready to be part of our dynamic and innovative team? At AT, we enhance the value of our employees by providing long-term growth and opportunities in an ever-evolving work environment. Our values are at the core of what we do: Simplicity, Transparency and Relevance. Initiate your journey to be part of our world-class team and experience a rewarding career.