The Senior Analyst – ICT GRC assesses and prioritizes information security and cybersecurity risk across the Authority, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.
- Address requests from both internal and external audits to ensure that the Authority’s IT landscape is compliant at all levels of the architecture.
- In liaison with the ICT GRC Manager, develop policies, procedures and standards that meet existing and newly developed policy and regulatory requirements.
- Reduce information security and cybersecurity risk to within the Authority’s risk appetite by helping to prioritize and drive remediation efforts throughout the organization, through the following:
- Conduct risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
- Coordinate and track the implementation and closure of all audit findings/recommendations, control weaknesses identified through risk and control self-assessments (RCSAs), consultant reports, member complaints and risk events.
- Plan and execute regular recurring and ad-hoc security-related reviews, audits and internal process reviews.
- Drive innovation to improve compliance effectiveness and efficiency
- Create and deliver training to employees on information security topics
- Maintain in-depth knowledge of certifications and control frameworks such as ISSA, SOC 2, ISO 27001 and ISO 22301.
- Track compliance gaps and ensure work to remediate gaps meets deadlines.
- Serve as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations and best practices.
- Perform security and compliance assessments on new and existing systems, processes and technology.
- Work with various business units to ensure controls are adequate, appropriate, and effective.
- Perform business impact analysis and assist with the development of the IT/InfoSec risk register.
- Grade 12 Certificate with five ‘O’ Levels, with a credit or better in Mathematics and English.
- B.Eng./BSc degree in Electronics and Telecommunications Engineering or Computer Science.
- The candidate must possess any of the following certifications:
  1. Certified Information Systems Security Professional (CISSP)
  2. Certified Information Security Manager (CISM)
  3. Certified in Risk and Information Systems Control (CRISC)
  4. Certified Information Systems Auditor (CISA)
  5. ISO 27001 Lead Implementer
  6. Any other IT/cybersecurity certification
- Must be a member of the Information and Communication Technology Association of Zambia (ICTAZ) with a valid practicing license.
Minimum Experience Required
- Minimum of four (4) years of relevant work experience in a similar role.
To apply for this job, please visit careers.napsa.co.zm.