18 Mar 2013
Full-Time World Vision Kenya recruits IT Security Advisor – Data Management
Job Description
| Position Title: | IT Security Advisor – Data Management | Application Deadline Date: | 20 Mar 2013 |
| Position Location: | Nairobi, Kenya, or open to other international locations. | Position Start Date: | 25 Apr 2013 |
| Region: | AfricaEast Africa | Position End Date: | 25 Apr 2099 |
| Requisition Category: | International | Recruitment Priority: | Need Immediately |
| Country Name: | Kenya | Program/Office Name: | GICT – Information Security |
| City/Province: | Nairobi, Kenya, or open to other international locations. | Employee Type: | Home Country Intl. (HCI) |
| Job Grade Level: | 16/164 | Recruitment Status: | Actively Recruiting |
| Is this a family post? | Family – Spouse with Children |  |
|
|
|
Requisition Num: | 2012AFERBRE-936U6W |
PURPOSE OF POSITION:
The IT Security Advisor for Data Management will be responsible for the identification, classification and overall data security governance structure of World Vision’s data and data management program.
KEY RESPONSIBILITIES:
INFORMATION/DATA SECURITY:
- Defines, identifies and classifies information assets.
- Assesses threats and vulnerabilities regarding information assets and recommends the appropriate security controls and measures.
- Develops and manages security measures for information systems to prevent security breaches.
- Consults with clients on the data classification of their resources
- Provides reports to leaders regarding the effectiveness of information security and makes recommendations for the adoption of new policies and procedures.
- Develops and implements strategies to align information security with business objectives and goals, protecting the integrity, confidentiality and availability of data.
RISK ASSESSMENTS: - Works directly with the customers and other internal departments and organizations to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk.
- Reviews risk assessments, analyzes the effectiveness of IT control activities, and reports on them with actionable recommendations.
- Evaluates security risks and identifies and defines compliance strategies in accordance with policies and standards.
- Provides management with risk assessments and security briefings to advise them of critical issues that may affect customer, or corporate security objectives.
- Communicates with multiple departments and levels of management in order to resolve technical and procedural IT security risks.
- Develops remediation strategies to mitigate risks associated with the protection of infrastructure and information assets.
STRATEGY: - Provides strategic and tactical direction and consultation on security and IT compliance.
POLICIES, PROCEDURES, & STANDARDS: - Maintains an up-to-date understanding of industry best practices.
- Develops, enhances and implements enterprise-wide security policies, procedures and standards across multiple platform and application environments.
- Monitors the legal and regulatory environment for developments.
- Recommends manages implementation of required changes to IT policies and procedures.
- Monitors compliance with security policies, standards, guidelines and procedures.
- Ensures security compliance with legal and regulatory standards.
BUSINESS REQUIREMENTS: - Engages directly with the business to gather a full understanding of project scope and business requirements.
- Assesses business needs against security concerns and articulates issues and potential risks to management.
- Consults with other business and technical staff on potential business impacts of proposed changes to the security environment.
- Provides security-related guidance on business process.
SECURITY SOLUTIONS: - Works closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.
OPERATIONS SOLUTIONS: - Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
- Defines and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment.
SECURITY AUDITS: - Performs security audits.
- Participates in security investigations and compliance reviews as requested by external auditors.
- Consults with clients on security violations.
- Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.
BUSINESS CONTINUITY/DISASTER RECOVERY: - Develops impact analysis.
- Assists business partners with the determination of critical business processes and systems.
- Identifies and coordinates resolution of recovery issues.
COMMUNICATIONS/CONSULTING: - Serves in an advisory role in application development projects to assess security requirements and controls and ensures that security controls are implemented as planned.
- Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
- Provides input for the development of the security architecture.
- Informs stakeholders about compliance and security-related issues and activities affecting the assigned area or project.
- Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information.?
- Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
KNOWLEDGE, SKILLS & ABILITIES:
REQUIRED:
- Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
- Requires in-depth knowledge of information lifecycle management and data classification schemas.
- Requires in-depth knowledge of data loss prevention (DLP) tools and technologies.
- Typically requires 7 – 10 years of combined IT and security work experience with a broad range of exposure to DLP technologies.
- Recommended Security Certification (i.e., Certified Information Systems Security Professional (CISSP), Certified Information Security Manage (CISM), or Global Information Assurance Certification (GIAC).
261 total views, 1 today