Napsa
Job Description
The Senior Analyst – ICT GRC assesses and prioritizes information security and cybersecurity risk across the Authority, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.
Key Responsibilities
- Address Requests from both internal and external audits to ensure that the Authority’s IT landscape is compliant at all levels of the architecture.
- In liaison with the ICT GRC Manager, develop policies, procedures and standards that meet existing and newly developed policy and regulatory requirements.
- Reducing information security and cybersecurity risk to within the Authority’s appetite by helping to prioritize and drive remediation efforts throughout the organization through the following:
- Conducting risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
- Coordinate and track the implementation and closure all audit findings/recommendations, identified control weaknesses from risk and control self-assessment (RCSAs), consultant reports or member complaints and risk events.
- Plan and execute regular recurring and ad-hoc security related reviews, audits and internal process reviews
- Drive innovation to improve compliance effectiveness and efficiency
- Create and deliver training to employees on information security topics
- Maintain in-depth knowledge of certifications and controls such as ISSA, SOC-2, and ISO 27001, ISO 22301
- Track compliance gaps and ensure work to remediate gaps meets deadlines.
- Serves as a security expert in application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Perform security and compliance assessments on new and existing systems, processes, technology.
- Work with various business units to ensure controls are adequate, appropriate, and effective.
- Perform business impact analysis and assist with development of IT/InfoSec risk register.
Minimum Qualifications
- Grade 12 Certificate with 5 ‘O’ level with credit or better in Mathematics and English
- Degree in B. Eng./BSc. Electronics & Telecommunications Engineering/Computer Science
- The candidate must possess any of the following certifications:
- 1.Certified Information Systems Security Professional (CISSP)
- 2.Certified Information Systems Manager (CISM)
- 3.Certified In Risk and Information System Controls (CRISC)
- 4.Certified Information Systems Auditor (CISA)
- 5.ISO 27001 Lead Implementor
- 6.any other IT/Cyber Security Certification
- Must be a member of the Information and Communication Technology Association of Zambia (ICTAZ) with a valid practicing license.
Minimum Experience Required
- Minimum of four (4) years relevant work experience in a similar role