Job Description

As a security manager, you will be responsible for monitoring the security operations of the University. You will develop and maintain necessary processes and procedures for preventive and responsive security measures based on initiative, guidance and direction set by the Regulator. You will regularly review the risk assessments, conduct internal quality control activities, and monitor follow-up actions, including post-security findings and audits.

The responsibilities include, but not limited to:

• Work with Head of Department (HOD), IT to formulate and implement Information Security Risk Policy, standards, best practices for adequate IT security, risk and compliance controls across the University
• Perform regular reviews of the governance framework policies and procedures to ensure that they are updated to the changing University’s needs;
• Conduct in-house security audits, reviews, scans, code reviews and compliance checks to assess systems, infrastructure, services and processes for security and compliance with security policies, standards and procedures;
• Work with internal and external auditors in planning and conducting security audits, reviews, scans and tests;
• Respond timely to security incidents and conduct investigation and recommend the appropriate follow up actions including containment, recovery and preventive measures;
• Perform audit log reviews and assessments to detect security breaches and anomalies;
• Keep abreast of the latest industry security practices and technologies as well as emerging threats and vulnerabilities, and recommend appropriate controls for implementation to improve the University security posture;
• Oversee and guide IT Security Executive in performing his duties;
• Promote, train and create staff awareness of IT security and data protection policies and practices;
• Other duties as assigned by supervisor 

Job Requirements

• Bachelor Degree in Computer Science, Computer or Information Technology;
• Minimum 5 years of relevant working experience;
• Good knowledge of information security principles and technologies, governance and compliance;
• Experience in implementing security audits, controls and mitigating measures for Internet/enterprise IT infrastructure and applications (preferably with CISA qualification or equivalent);
• Experience in implementing security solutions for Internet/enterprise IT infrastructure (preferably with CISSP and CEH qualification or equivalent);