IT Security Advisor Jobs Vacancy at World Vision in Kenya 2013
Job Title: IT Security Advisor – Data Management
Application Deadline Date: 01 Feb 2013
Position Location: Nairobi, Kenya, or open to other international locations. Position Start Date: 04 Mar 2013
Region: Africa\East Africa Position End Date:
Requisition Category: International Recruitment Priority: Need Immediately
Country Name: Kenya Program/Office Name: GICT – Information Security
City/Province: Nairobi, Kenya, or open to other international locations. Employee Type: Home Country Intl. (HCI)
Job Grade Level: 16/164 Recruitment Status: Advertising in Progress
Is this a family post? Family – Spouse with Children
Requisition Num: 2012AFERBRE-936U6W
PURPOSE OF POSITION:
The IT Security Advisor for Data Management will be responsible for the identification, classification and overall data security governance structure of World Vision’s data and data management program.
Defines, identifies and classifies information assets.
Assesses threats and vulnerabilities regarding information assets and recommends the appropriate security controls and measures.
Develops and manages security measures for information systems to prevent security breaches.
Consults with clients on the data classification of their resources
Provides reports to leaders regarding the effectiveness of information security and makes recommendations for the adoption of new policies and procedures.
Develops and implements strategies to align information security with business objectives and goals, protecting the integrity, confidentiality and availability of data.
Works directly with the customers and other internal departments and organizations to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk.
Reviews risk assessments, analyzes the effectiveness of IT control activities, and reports on them with actionable recommendations.
Evaluates security risks and identifies and defines compliance strategies in accordance with policies and standards.
Provides management with risk assessments and security briefings to advise them of critical issues that may affect customer, or corporate security objectives.
Communicates with multiple departments and levels of management in order to resolve technical and procedural IT security risks.
Develops remediation strategies to mitigate risks associated with the protection of infrastructure and information assets.
Provides strategic and tactical direction and consultation on security and IT compliance.
POLICIES, PROCEDURES, & STANDARDS:
Maintains an up-to-date understanding of industry best practices.
Develops, enhances and implements enterprise-wide security policies, procedures and standards across multiple platform and application environments.
Monitors the legal and regulatory environment for developments.
Recommends manages implementation of required changes to IT policies and procedures.
Monitors compliance with security policies, standards, guidelines and procedures.
Ensures security compliance with legal and regulatory standards.
Engages directly with the business to gather a full understanding of project scope and business requirements.
Assesses business needs against security concerns and articulates issues and potential risks to management.
Consults with other business and technical staff on potential business impacts of proposed changes to the security environment.
Provides security-related guidance on business process.
Works closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.
Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
Defines and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment.
Performs security audits.
Participates in security investigations and compliance reviews as requested by external auditors.
Consults with clients on security violations.
Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.
BUSINESS CONTINUITY/DISASTER RECOVERY:
Develops impact analysis.
Assists business partners with the determination of critical business processes and systems.
Identifies and coordinates resolution of recovery issues.
Serves in an advisory role in application development projects to assess security requirements and controls and ensures that security controls are implemented as planned.
Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
Provides input for the development of the security architecture.
Informs stakeholders about compliance and security-related issues and activities affecting the assigned area or project.
Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information.
Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
KNOWLEDGE, SKILLS & ABILITIES:
Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
Requires in-depth knowledge of information lifecycle management and data classification schemas.
Requires in-depth knowledge of data loss prevention (DLP) tools and technologies.
Typically requires 7 – 10 years of combined IT and security work experience with a broad range of exposure to DLP technologies.
Recommended Security Certification (i.e., Certified Information Systems Security Professional (CISSP), Certified Information Security Manage (CISM), or Global Information Assurance Certification (GIAC).
How to Apply:
Deadline: 1st February 2013