Senior Information Systems Security Officer – VisionFund Micro-Finance Institution S.C
Information Technology, Science and Technology
VisionFund Micro-Finance Institution S.C
IMMEDIATE INTERNAL/EXTERNAL
VACANCY ANNOUNCEMENT
About the Organization:
Vision Fund Micro Finance Institution (S.C) is an Institution established according to proclamation No. 40/96 to provide financial services to the productive poor in the rural and urban areas of Ethiopia. Vision Fund is currently operating in five of the Regional States of the country. Vision Fund MFI is currently looking for internal candidates for Senior Information System Security Officer. The successful candidates will have skills and experience that meet the following requirements:
1. Major Responsibilities
II. SPECIFIC DUTIES AND RESPONSIBILITIES
· Develops, publishes, and maintains information system security strategy, architecture, policy, procedures, and guidelines Ensures timely and accurate weekly & monthly bank reconciliation for all accounts of the branch and take prompt action on reconciling items
·Take the lead on developing, maintaining and updating the Information Security Strategy and Information Security Program
· Passionately manage and assist in performing on-going security monitoring of information systems including assessing information security risk through qualitative risk analysis on a regular basis, conducting functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements, evaluating and recommending new information security technologies and counter-measures against threats to information or privacy, and developing security reports and dashboards
· Ensure effective staff training programs are in place to increase security awareness across VFMFI. Monitor and ensure VFMFI staffs are taking WVI the online security awareness program
· Identifies today’s increasing network security threats and implement a comprehensive security policy to mitigate the threats;
· Identifies general methods to mitigate common security threats to network devices, hosts, and applications;
· Applies security recommended practices including initial steps to secure network services;
· Ensures that system security is deployed and operated according to VFMFI’s Information Security Policy.
· Authorizes users to the information system services and with what type of privilege or access rights;
· Oversees and coordinates security efforts across the enterprise, including information technology, human resources, communications, legal, facilities management and other groups, to identify security initiatives and standards,
· Monitors and reports on information security trends internal and external to the Company and keeps all stakeholders informed about information security-related issues and activities affecting the Company;
· Ensures the system undergoes technical security evaluation according to security policy, procedure or guideline;
· Conducts system security certification and accreditation to enhance confidence on the system’s deployment (testing and certifying systems acquired or in-house developed) before their deployment;
· Reports security status of information systems to the Supervisor;
· Performs self-administered or independent security audits or other assessments periodically through using automated tools, security checklist, penetration testing, etc.;
· Ensures long term storage of cryptographic keys for encrypted data;
· Investigates security breaches and regularly conducts security audit on various mission critical systems of the Company;
· Designs the security perimeter, installs, configures, maintains and continuously manages system security infrastructure (firewalls, VPN, network intrusion detection systems, cryptographic tools and others) to protect information assets against any potential threats and vulnerabilities that could impact the confidentiality, integrity and availability of information/data, system or infrastructure;
· Conducts an in-depth information system incident analysis including internal violations, hacker, attacks, viruses and system outages on every systems and infrastructure of the Company
· Conducts information system security risk assessment, analysis, evaluation and develop mitigating strategies;
· Conducts investigation, analysis and review following breaches of security controls, and prepares recommendations for appropriate improvements;
· Performs other duties as assigned by the supervisor.
2. Qualification and Technical Skill Required
A) EDUCATION/TRAINING
· BSc Degree in Computer Science, Information technology or related field,
· Professional information security Trainings (CISM, CISSP , or equivalent )
B) EXPERIENCE
· A minimum of 5 years of relevant work experience.
C) TECHNICAL AND OTHER SKILLS
· Solid knowledge of various information security frameworks such as NIST, COBIT, etc.
· Knowledge of basic security and fire inspection procedures;
· Experience in developing a comprehensive security program, including risk assessment framework;
· Skill in both verbal and written communication;
· Skill in observing situations and decision making;
· Skill in dealing courteously with public;
· Skill in promoting awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to IT;
· Knowledge in defining secure configurations leveraging technical knowledge and problem solving skills in the network, database, server and desktop technology areas ;
· Skill of Managing risk by analyzing the root cause of issues, impact to technology and required corrective actions leveraging advanced analytical skills.
· Skills to ensure that secure development procedures are addressed.
As per the Institution salary scale
