Information Security Manager at National Identity Management Commission (NIMC)

As part of preparation towards the full rollout of the National Identity Management System (NIMS), the National Identity Management Commission (NIMC) has arranged to engage the services of suitable candidates with integrity drive and desire to win professionally as individual consultants for the following IT functions in the Commission’s IT/Identity Database Department:

 

 Position: Information Security Manager

 

Job Description

The Information Security Manager provides operational management associated with the protection of information technology assets and intrusion detection. The incumbent shall serve as the expert/advisor on these activities to business this at the organization. Develops and/or implements architectures, policies, procedures, and standards for protecting company assets and operations from theft, unauthorized disclosure or use, damage, or loss. Ensures compliance with security policies and standards as well as ensures actions comply with legal and regulatory requirements.

 

This role will serve as an expert resource to the Director, Information Security and other IT leaders for technical, legal and regulatory areas affecting Information security and disaster recovery initiatives. This position will help design, plan, implement, and execute systems and programmes coupled with the IT strategic plan for IT Security and Compliance

 

Duties and Responsibilities:

  • Develop and implement a successful Information Security Programme.
  • Ensure timely and effective resolution of security and compliance related requests.
  • Develop and maintain the relevant IT Security policies, standards and procedures
  • Identify and manage IT security concerns.
  • Ensure compliance with the organization’s IT Security existing laws and regulations.
  • Deploy measures, systems and processes to increase the security posture.
  • Facilitate, and promote activities to create information security awareness.
  • Assess and detect vulnerabilities and ensure security is designed into the IT Infrastructure.
  • Provided input and guidance for security related initiatives such as Public Key Infrastructure (PKI), Identity Assess Management (IAM), encryption, Data Loss Prevention (DLP), etc.
  • Ensure good governance and adoption of industry best practices
  • Prepare input /reporting for relevant reporting structures.
  • Manages the identification of potential internal and external threats and risks that jeopardize the availability of IT systems and help direct the implementation of mitigation strategies and controls with appropriate use of technology and process.
  • Helps establish architectures and policies and ensure implementation of that architecture to provide the organization with a resilient environment that addresses emerging threats and technologies.
  • Provides requirements on a wide range of IT topics which impact the organization including cyber security strategy, data center security strategy, integration of business partners, intrusion detections and uses this data to support the ongoing need.
  • Sponsors far-reaching and high-profile process improvements and cost-savings measures.
  • Collaborates with business partners and the Business Continuity office to coordinate the development, documentation, communication, testing, enforcement and maintenance of Disaster Recovery plans to ensure the organization can respond to critical business function interruption within a defined frame.
  • Analyzes/ reviews information emerging cyber threats, and is actively engaged in industry forms on threats and opportunities.
  • Make improvement recommendations to managers at all levels to ensure compliance with laws, standards and policies while managing business risks
  • Is up to date with best practices.
  • Able to communicate security related concepts to a broad range of technical and non-technical people.

 

Minimum Requirement/Skills:

Prospective candidates must possess:

  • Minimum of seven (7) years post –qualification cognate experience (expected to be proven) in a technology environment with demonstrated progressive responsibilities.
  • At least five years experience in a management capacity relating to information security & policy required and with at least three (3) years in enterprise information security implementation and management.
  • Extensive experience in enterprise security architecture design
  • Extensive experience in enterprise security document creation
  • Extensive in designing and delivering employee security awareness training.
  • Working technical knowledge of front end and back end environment
  • In-depth knowledge of information security and practice and understanding of privacy and security regulations i.e. PCI, GLBA, HIPAA, SOX, ISO 27001 is required.
  •  The ability to operate on a strategic level and be politically savvy with a good knowledge of the key aspects of business required.
  • Demonstrated ability to successfully organize and lead large complex projects is required.
  • Proven ability to influence and lead an organization is required.
  • Proven ability to build a team of focused people in an organization is a must.
  • This position requires demonstrated excellence in written and verbal communication, collaboration and team building skills.
  • Must be able to plan for priorities and activities associated with identity, access management and enterprise security
  • General understanding of application programme and design, database design, networking components, security components, computer operations and operating system maintenance is required.
  •  Possess an intimate knowledge of the past, current and future cryptographic standards and their applicability to the organizations products.
  • Working knowledge of and experience in policy and regulatory environment and information security.
  • Ability to demonstrate proven experience within the IT security industry.
  • Possession of skills in the following areas- Firewalls, Intrusion detection/prevention systems, VPNs, PKI, Secure ID etc, Active-Directory knowledge.
  • Strong human relations skills to interface with managers and staff at all levels within the organization and deal with vendors.

 

Education background/Qualifications

  • Post graduate degree in Management Information Systems, Information Security, Information Technology, Information System Management, Computer Science/Engineering, Electrical/Electronic Engineering or related field(s).
  • Information Security Certification such as Certified Information Security Manager (CISM)/ Certified Information Systems Security Professional (CISSP)/ Certified Information Security Auditor (CISA)/ ISO 27000, ITIL v2/v3 and Prince2.

 

 

Method of Application:

All interested and suitably qualified candidates should download the relevant Request for Proposal (RFP) Documents from the commission’s website: www.nimc.gov.ng. Duly completed and signed RFP Documents should be saved with Applicant’s names in Microsoft Word or Adobe PDF file format and e-mail to: ics@nimc.gov.ng for only the advertised position of interest, not later than Tuesday, September 11, 2012. Please indicate job title as subject of the email.

 

Prospective candidate should not apply for more than one position!

 

Please Note:

That physical submission of applications will not be entertained!!!

Share

Leave a Reply

Your email address will not be published. Required fields are marked *