We are pleased to announce the following vacancy within the Risk
Management Division.
In keeping with our current business needs, we are looking for a
person who meets the criteria indicated below:
Principal Information Risk Officer
Reporting to the Head of Department-Enterprise Risk, the job holder will implement a comprehensive program to assess and mitigate current and emerging risks that impact the integrity, availability and confidentiality of information assets and the information environment.
The job holder will also be responsible for coordinating,
evaluating, and reporting on Information risk in a manner that meets compliance
and regulatory requirements while enabling business units minimize Information
risk.
Key Responsibilities:
Key Responsibilities:
- Review and ensure adequate policies
are implemented to manage Information Risk across the company;
- Provide guidance in the
interpretations of current policies related to specific situations as they
arise;
- Create awareness on the policies in
place across the company and conduct policy exception reviews;
- Contribute to and critique the
development of Information management policies, standards and procedures
across the company and the monitoring thereof;
- Coordinate enterprise information risk
assessments at regular intervals to assess and track the health of information
management across the company;
- Develop and embed appropriate
Information Risk awareness initiatives across the business.
- Offer specialist guidance &
advisory to other business units for timely assurance of key special
projects.
Minimum Requirements:
- Upper second class degree in IT,
Business Information Systems (or related technical field) from a
recognized university;
- Holder of at least one of the
following certifications: CISA, CISM or CISSP;
- At least 4 years proven working
experience in operational management of Information Systems / Information
Security / Information Systems Audit role, or proven experience in
business process assurance and/or risk analysis preferably in a
telecommunications environment;
- Detailed knowledge of GSM and IT
Networks is essential;
- Detailed, methodical and result
oriented;
- Excellent communication skills;
- Upholds high standards of integrity;
- Knowledge of information and physical
security network communications (TCP/IP), operating systems, firewalls,
relational databases (Oracle, SQL, MySQL, Sybase, etc), IPS,
emergency/contingency planning;
- Experience in Policy Writing and/or
good & proven documentation skills;
- Project management skills;
- Experience in risk analysis practices
& participation in incident management initiatives
- Advanced understanding of the
implementation of information security /frameworks e.g. ISMS cyclic
advisory (ISO/IEC 27001:2005) and Pen tests/Vulnerability Assessments will
be an added advantage.
If you feel that you
are up to the challenge and posses the necessary qualification and experience
please send your resume and application letter indicating your experience and
why you are the most suitable candidate for the role clearly quoting the job
title and job reference to the address below.
The deadline for application is Wednesday, 30th May, 2012.
The Senior Manager – Talent Acquisition
Safaricom Ltd
Nairobi
The Senior Manager – Talent Acquisition
Safaricom Ltd
Nairobi
Via E-mail to hr@safaricom.co.ke