Manager ICT Security Job Vacancies – Petroleum Authority of Uganda (PAU)
Job Title: Manager ICT Security
Organization: Petroleum Authority of Uganda (PAU)
Duty Station: Kampala, Uganda
Reports to: Director ICT and Data Management
About Us:
The Petroleum Authority of Uganda (PAU) is a statutory body established under Section 9 of the Petroleum (Exploration, Development and Production) Act 2013, and in line with the National Oil and Gas Policy for Uganda which was approved in 2008. The PAU’s mandate is to monitor and regulate the exploration, development and production, together with the refining, gas conversion, transportation and storage of petroleum in Uganda. This includes ensuring that petroleum operations in Uganda are carried out in accordance with the relevant laws, regulations, guidelines, statutes and in line with international best practice for the petroleum industry.
Job Summary: The Manager ICT Security will be responsible to and report to the Director ICT and Data Management. He/she will be responsible for the implementation of Enterprise Risk Management and Compliance, Business Continuity and Disaster Recovery Systems and ICT Security Controls, and for ensuring the Confidentiality, Availability and Integrity (CIA) of systems and the creation of secure integration and external linkages to other E-Government Systems. He/she will be responsible for ensuring controls are inbuilt in ICT and Data Management systems, software development, internal capacity building, governance, management, implementation of security monitoring and control framework to address the Authority’s information technology security risks, prevent unauthorized access to the Organization’s ICT Infrastructure, Systems Applications and data/information; and regular reporting on the threats landscape.
Key Duties and Responsibilities:
- Develop and implement the ICT Security and Compliance strategy that is aligned to overall organization strategy.
- Coordinate the secure integration and external linkages to other E-Government Systems.
- Develop, refine, maintain and implement enterprise-wide Information Security and Risk policies, procedures and standards to meet compliance responsibilities.
- Coordinate the design and implementation of disaster recovery system, Data Backups, business continuity planning, testing of the systems.
- Coordinate the development and maintenance of a comprehensive ICT and Data Management risk register.
- Implement, maintain and monitor the information technology security architecture consistent with relevant laws and international security standards and practices;
- Conduct business impact analysis to ensure that key resources both tangible and intangible are adequately protected with proper security measures and controls.
- Develop capacity in the use of quantitative and qualitative approaches, Cost-Benefit and risk analysis in ICT risk mitigation and control measures.
- Evaluate security risks, identify and define compliance strategies in accordance with policies, standards, guidelines and procedures.
- Implement the Data Protection control frameworks for the organization
- Coordinate and oversee the processes for software design, development and commissioning to ensure Quality Assurance and security controls are in-built with in
- Periodically undertake assessment of the ICT security landscape to identify security gaps/vulnerabilities, recommend control mechanisms;
- Review, develop and guide the implementation of security policies and procedures for access management, user activity monitoring, logging, and general security controls;
- Supervise the system tuning tasks and database optimization in order to improve the reliability of information technology security solutions;
- Coordinate investigations into information technology security violations to facilitate decision making;
- Coordinate and supervise the implementation of information security awareness and sensitization programs for staff;
- Prepare and submit periodic ICT Security and compliance reports
- Plan and manage the performance and development of staff under supervision so as to improve their productivity; and
- Perform any other duties as may be assigned from time to time.
Qualifications, Skills and Experience:
- The applicant for the Petroleum Authority of Uganda (PAU) Manager ICT Security job placement must hold a Master’s Degree in Computer Science, Information Technology, Information and Network Security, Cyber Security Management, Statistics (Computing option), Software Engineering, Computer Engineering, Management Information System (MIS), Information Systems Security from an internationally recognized University/Institution.
- An honors bachelor’s degree in Computer Science; Information Technology; Statistics with computing option; Mathematics with computing option; Business Computing; Commerce (Accounting and IT option); Information Systems, Information Security; Computer Engineering; Software Engineering, from an internationally recognized University or institution.
- At least seven (7) years’ working experience in the design and implementation of enterprise resource planning systems, risk management and mitigation, systems security and database management, system development, system administration, enterprise security architecture design, five (5) of which should have been gained at middle management level from a busy and reputable organization.
- Demonstrated understanding and familiarity with Business Continuity and Disaster Recovery Planning, Information Systems Security and IT Risk Assessment and Management, Cyber Security, email, access lists and internet, web, application and network security techniques.
- Demonstrated understanding and experience in conducting Enterprise Risk Assessments and mitigations, Cost Benefit Analyses, and Governance, Risk and Compliance (GRC).
- Good knowledge of ICT policies, procedures, standards and legislation.
- Good knowledge of software development processes and testing.
- Professional certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Oracle Certified Professional (OCP), Certified Information Systems Auditor (CISA), Certified in Governance and Enterprise IT (CGEIT), COBIT 5, ISO27001 Information Security Management, Project Management Professional (PMP), Data Analytics, and Microsoft Certified Technology Specialist (MCTS).
- Possess excellent project management skills.
- Good communication and interpersonal skills.
- Ability to conduct research into enterprise systems, networking issues and products as required.
- Highly self-motivated and directed, with keen attention to detail.
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize tasks in a high-pressure environment.
- Strong customer service orientation.
How to Apply:
All suitably qualified and interested candidates are encouraged to apply online by clicking on the link below.
Click Here (Register) -> Proceed to Application
NOTE:
- ONLY online applications will be considered.
- Applicants are required to scan and attach CERTIFIED copies of the required academic documents only e.g. Degree, Transcript, Diploma, A-level and O-level certificates and PLE results slip.
- Academic documents for the successful candidates will be vetted and background checks conducted before they are considered for appointment into the Authority.
- Only shortlisted and successful candidates will be contacted.
- All appointments shall be subject to a probationary period of not more than six months and subsequent confirmation in service will be based on satisfactory performance of the individual.
Deadline: 28th August 2020 by 11:59 pm.