National Health Insurance Management Authority (NHIMA)
Operate and maintain NHIMA’s technical security systems. The role requires the implementation and operation of security controls across NHIMA’s ICT infrastructure landscape.Enforces security policies and procedures by administering and monitoring security profiles review security violation reports and investigate possible security exceptions, updates, and maintains and documents security controls.
- Investigates identified security breaches in accordance with established procedures and recommends any required actions.
- Assists users in defining their access rights and privileges and administers logical access controls and security systems.
- Maintains security records and documentation.
Business Risk Management
- Carries out risk assessment within a defined functional or technical area of business.
- Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business.
- Refers to domain experts for guidance on specialized areas of risk, such as architecture and the environment. Co-ordinates the development of countermeasures and contingency plans.
- Conducts security risk and vulnerability assessments for defined business applications or IT installations in defined areas, and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls (e.g. the key controls defined in ISO27001).
- Performs risk and vulnerability assessments, and business impact analysis for medium-size information systems.
- Investigates suspected attacks and manages security incidents.
- Takes responsibility for the accessibility, retrievability and security of specific subsets of information.
- Provides advice on the transformation of information from one format/medium to another, where appropriate.
- Maintains and implements information handling procedures.
- Enables the availability, integrity and searchability of information through the application of formal data structures and protection measures.
- Manipulates specific data from information services, to satisfy local or specific information needs.
Service level management
- Performs defined tasks to monitor service delivery against service level agreements and maintains records of relevant information.
- Analyses service records against agreed service levels regularly to identify actions required to maintain or improve levels of service, and initiates or reports these actions
- Manages configuration items (CIs) and related information.
- Applies and maintains tools, techniques and processes for identification, classification and control of CIs and ensuring related information is complete, current and accurate.
- Assesses, analyses, develops, documents and implements changes based on requests for change.
- Provides input to the service continuity planning process and implements resulting plans.
- Collects and collates evidence as part of a formally conducted and planned review of activities, processes, products or services.
- Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.
- Defines test conditions for given requirements.
- Designs test cases and creates test scripts and supporting data, working to the specifications provided.
- Interprets, executes and records test cases in accordance with project test plans.
- Analyses and reports test activities and results. Identifies and reports issues and risks.
- Ability to assess, manage and communicate information security concepts and practices with technology and business constituents.
- Strong competency in security policy development, auditing and compliance procedures.
- Strong working knowledge of multiple security specific product solutions (such as network vulnerability scanners, application vulnerability scanners, password auditing tools, data encryption solutions, web site filtering tools, ant-virus systems, firewalls, NIPS, HIPS, identity management solutions, data forensics tools, and SIEM solutions)
- Knowledge in Unix, Windows, Linux, networking and IP intranet/internet security environments including firewalls, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance, and data classification.
- Strong working knowledge of network models and related protocols and services; network architecture concepts as applicable to defense in depth principles.
- Must have knowledge and stay current on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities. Possesses knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, ICT architecture, Monitoring, Incident Response and Security Strategy
Knowledge, Skills, Qualifications and Experience
- Bachelor’s degree in Computer Science, Information technology or Computer Engineering or equivalent.
Competencies required for this Role:
- Bachelor’s degree in Computer Science, Information technology or Computer Engineering or equivalent
- Certified Information System Security Professional (CISSP) or Certified Information Systems Auditor (CISA) or Certified Ethical Hacker (CEH) or CompTIA Security + or Certified Information Security Manager (CISM) or CompTIA Cybersecurity Analyst (CySA+) or Certified Information Security Officer (S-CISO) or Cisco CCNA Cyber Ops
- 5+ Years work experience in ICT Security
- Member of Information and Communications Technology Association of Zambia (ICTAZ)
To apply for this job please visit careers.nhima.co.zm.