* Job Title: Information Security Officer
* Grade: PL-6
* Position N°: 0940
* Reference: ADB/10/105
* Publication date: 02/08/2010
* Closing date: 05/09/2010
Objectives
Under the direct supervision of the Chief Information Security Officer (CISO), who reports directly to the Head of the Security Unit, the Information Security Officer will be responsible for protecting the Bank’s IT infrastructure by:
* Ensuring confidentiality, integrity and availability of the Bank’s information assets;
* Ensuring strategic implementation of Information Security in support of business objectives;
* Ensuring reduction of adverse impacts on the Bank’s business operations to an acceptable level and other responsibilities that may be assigned by the CISO.
Duties and responsibilities
Under the direct supervision of the Chief Information Security Officer (CISO), the duties and responsibilities are as follows:
Maintain up-to-date Bank-wide Information Security Standards:
* Participate in the establishment and maintenance of information security policies and standards that support business goals and objectives.
Information Security Management:
Participate in carrying out the information security activities that make up the information security program.
* Ensure that the rules of use for information systems and the administrative procedures for information systems comply with the Bank’s information security policies.
* Apply metrics to measure, monitor, and report on the effectiveness of information security controls and compliance with information security policies.
* Control and ensure that information security is not compromised.
* Perform regular vulnerability assessments to evaluate effectiveness of existing controls.
* Ensure that non-compliance issues and other variances especially are identified and resolved in a timely manner.
* Provide expert advice and recommendations in respect of Information Security.
* Proactively identify gaps in the group standards, whether through an analysis of internal waiver requests, incidents and KPIs, feedback from other security managers, or from a study of external developments.
* Manage the process to engage with subject matter experts and the wider Information Security community across the group to maintain relevance of the standards and to ensure buy-in by all parties.
Risk Management:
Identify and manage information security risks to achieve business objectives:
* Develop a systematic, analytical, and continuous risk management process relating
* Identify and analyze risks through suitable methods approved by the CISO
* Conduct 3rd party service provider security assessment on the Bank’s critical vendors in disparate locations.
* Define and recommend strategies and prioritize options to mitigate risk to levels acceptable to the Bank.
Manage Information Security Awareness and Training activities:
* Train staff and promote awareness of policy and standards in an effort to build a culture of risk management.
* Design awareness content and deliver it using appropriate channels for all the constituencies who must be made aware of their security responsibilities. This includes: all staff, specialist IT staff, business unit heads, senior management, and specialists in the risk and compliance areas.
* Manage appropriate “sign-off” mechanisms to record that staff have been made aware of their responsibilities.
* Conduct Information Security induction for new staff members
* Develop and deliver effective information security education and awareness to influence culture and behaviour of staff.
* Induction processes for new staff, newly promoted management, staff operating help desks, call centers or user registration processes, technical administration staff, developers and testers, and other particularly sensitive functions.
* Conduct targeted training for different departments and audiences.
ISO 27001 Certification
* Assess the organization’s readiness for certification against ISO 27001; prepare AfDB Group for certification against ISO 27001 at an appropriate time.
* Maintain the Bank’s Information Security WebPages as a source of up-to-date information about Policy, Standards, methods and people.
Other Duties:
* Developing and implementing a Bank-wide information security program as directed by the CISO
Selection Criteria
Including desirable skills, knowledge and experience
* At least a Master's degree in Information Security or an Information Security related field.
* At least four (4) years of relevant and pertinent experience in Information security.
* Familiar with good security practices gleaned from sources such as the ISO/IEC 27000 series and NIST SP 800 standards, plus applicable law and standards.
* Mixed coordination, analytical and technical skills and knowledge in all aspects of computer security in enabling the business.
* Experience of delivering information security awareness and training activities, ideally with experience of developing creative materials used
* High degree of confidentiality and integrity; very good interpersonal skills and diplomatic skills.
* Good understanding of computer systems security strategies, policies, principles, procedures and standards.
* Excellent written and verbal communication skills in English or French; with a working knowledge of the other language.
* Demonstrated ability to analyze facts and implement concrete solutions.
* Very good record of networking with people and knowledge of successful integration in a multicultural organization.
* Excellent customer service attitude and ability to work in a team.
* Competence in the use of Bank standard software (Word, Excel, Access and PowerPoint).
Only applicants who fully meet the Bank's requirements and are being considered for interview will be contacted. Applicants will only be considered if they submit (preferably electronically, to: recruit@afdb.org) a fully completed Personal History Form (PHF), available from the Bank’s web site, and attach a comprehensive Curriculum Vitae (CV) indicating date of birth and nationality. The President, ADB, reserves the right to appoint a candidate at a lower level. The African Development Bank is an equal opportunities employer and female candidates are strongly encouraged to apply.