Mission Description
Based in Nairobi and reporting to the Chief Information Security Officer, the role exists to ensure appropriate controls are in place for the security of information systems, safeguarding information by seeing that security risks are identified, assessed and accurately reported with specific duties as:-
Apply and distribute the Central Information System Security Policy (ISSP) as well as adapt the ISSP to the concerned perimeter
Apply central information security strategies, both short-term and long-range, in application of the AGL group.
Thoroughly conduct and complete annual reviews and audits as required by engaging both internal business partners across the region and external parties.
Manage LISO security team to oversee ongoing activities in cyber security within the region.
Proactive risk assessment program for all new and existing systems and remain familiar with the current goals and business processes of the AGL group so effective controls can be put in place for those areas that presenting the greatest information security risks in the East and Southern region.
Communicate risks and recommendations to mitigate risks to senior management so decisions can be made to ensure the security of information systems.
Oversee ongoing activities related to the development, implementation, and maintenance of the information security policies and procedures by ensuring these policies and procedures encompass the overall security of information security at rest or in motion within the groups systems and check compliance of departments local processes and procedures to ensure they are not in conflict with Company policies.
Evaluate security incidents and determine what response, if any, is needed and coordinate responses, including technical incident response teams, when sensitive information is breached.
Profile
Degree in IT or equivalent
ISO27001, ISO27002 and ISO27005 certification is mandatory
ITIL Foundations Certified
Professional certification, such as a CISSP, CISM, CISA or other information security credentials would be an advantage