datatrota
Signup Login
Home Jobs Blog

Information Security Officer at Deloitte

DeloitteAbuja, Nigeria Networking and Tech Support
Full Time

Akintola Williams Deloitte is the Deloitte Touche Tohmatsu Limited (DTTL) member firm in Nigeria and the oldest indigenous professional services firm in Nigeria. The firm was established in 1952 by Mr. Akintola Williams, FCA, CFR, CBE, the doyen of the accountancy profession in Nigeria. Our approach to corporate responsibility is shaped by the recognition that, because we are a professional services organization, our impact on society comes in large part from the way they serve clients

Job Description

The Information Security Officer will be responsible for responsible for developing, implementing, and maintaining AMCE’s information security program, as well as protecting its data and systems from cyber threats. The role holder will also assess the security risks, implement security controls, and ensure compliance with relevant regulations and healthcare industry standards.

Core Responsibilities

Security Policy and Standards

  • Develop and implement a comprehensive information security policy framework that outlines AMCE’s security goals, objectives, and responsibilities.
  • Create detailed procedures for various security functions, including access control, incident response, data classification, and business continuity.
  • Conduct periodic reviews of security policies and procedures to ensure they remain relevant and effective.
  • Monitor adherence to security policies and procedures and take corrective action when necessary.

Risk Assessment and Management

  • Conduct regular risk assessments to identify potential security threats and attacks to AMCE’s information systems and data.
  • Analyze identified risks, assess their potential impact, and prioritize them based on severity and likelihood.
  • Develop and implement effective risk mitigation strategies, such as implementing security controls, conducting security awareness training, and establishing incident response procedures.
  • Continuously monitor the security landscape and adjust risk mitigation strategies as needed.

Security Audits and Assessments

  • Implement and maintain technical security controls, including firewalls, intrusion detection systems, intrusion prevention systems, and encryption technologies.
  • Implement and enforce robust access controls, such as strong authentication mechanisms, authorization policies, and role-based access control.
  • Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses.
  • Implement a timely management process to address security vulnerabilities and areas for improvement in software and operating systems.

Incident Response and Reporting

  • Develop and maintain a comprehensive incident response plan, outlining procedures for detecting, responding to, and recovering from security incidents.
  • Establish and train an incident response team to handle security incidents effectively.
  • Promptly investigate security incidents, document findings, and report to relevant stakeholders.
  • Conduct post-incident reviews to identify lessons learned and implement corrective actions to prevent future incidents.

Compliance and Auditing

  • Ensure compliance with relevant regulations, such as HIPAA by staying up-to-date on regulatory changes and implementing necessary controls.
  • Conduct regular security audits and assessments to identify and address security gaps.
  • Assess the security practices of third-party vendors and service providers.
  • Maintain accurate and up-to-date security documentation and reports.

Security Awareness and Training

  • Develop and deliver comprehensive security awareness training programs for all employees.
  • Conduct regular phishing simulations to assess employee awareness and responsiveness to potential threats.

Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, or related field.
  • Master’s degree is an added advantage
  • Certifications such as CISSP, CISM, or CISA are preferred.
  • Minimum of 3 years of experience in information security, risk management, cybersecurity, or a related field.
  • Experience in a healthcare or similar regulated industry will be an added advantage.

Method of Application

Signup to view application details. Signup Now
X

Send this job to a friend