Napsa
Job Description
The ICT Governance Specialist plans, sets up, and enforces frameworks to protect data, safeguarding sensitive information and making specific data available according to organizational requirements.
Key Responsibilities
- Develop and maintaining privacy related notices, policies, standards, guidelines and processes
- Conduct assessments, review results and work with stakeholders to mitigate privacy risks across the Authority
- Provide deep technical privacy guidance, analysis, and feedback to business leaders, engineers, solutions and application architects. Help develop, implement and manage processes, internal controls relating to privacy frameworks and offer privacy support to various directorates and or departments
- Collaborate with compliance and security professionals on projects related to compliance with global, local regulatory data protection and privacy laws
- Assist in developing and administering privacy training and awareness campaigns for various groups within the Authority
- Establish and manage tools and develop run books for managing and tracking compliance with the Authority’s privacy obligations such as privacy impact assessments, technical implementation of privacy by design and default, and operational workflows
- Coordinate internal and external audits of our privacy systems and procedures
- Lead Data Protection and Privacy Impact assessments (PIA)
- Provide ongoing management, content development and oversight of the privacy program, including training, risk management, exception handling and process improvement
- Analyze architectural requirements, design and recommend controls that allows enablement of specific capabilities, solutions, or preventative/remediation controls to protect sensitive data and systems in accordance with industry standards and governance/compliance requirements
- Identify security shortcomings in the NAPSA application systems and recommend appropriate policies to ensure best practices and standards are complied with.
- Conduct periodic information Security awareness to all members of staff
- Assist with periodic security risk assessments, IT security audits, and management reporting.
- Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model.
Minimum Qualifications
- Grade 12 Certificate with 5 ‘O’ levels with credit or better in Mathematics and English
- Degree in B. Eng./BSc. Electronics & Telecommunications Engineering/Computer Science/Information Technology.
- The candidate must possess any of the following certifications:
- Certified Data Privacy Solutions Engineer (CDPSE) will be an added advantage.
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Manager (CISM)
- ISO 27001 Lead Implementor
- Certified In Risk and Information System Controls (CRISC)
- Plus any other Cyber Security Certification
- Must be a member of the Information and Communication Technology Association of Zambia (ICTAZ) with a valid practicing license.
Minimum Experience Required
- Not less than four (4) years of IT generalist experience and two (2) years IT security and or information Security experience at a management level in an organisation of similar size.