This job ad is no longer active.
Job Category: 
Information Technology
Division: 
Information System
Location: 
Al-Khartoum
Job Summary: 
• Developing, implementing and assisting in managing critical enterprise-wide Security Governance, Risk and Compliance programs to identify and mitigate security risks and protect valuable information and assets within the organization.
Description: 
  • Directly responsible for policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices.
  • Provide oversight for and act as a strategic risk advisor to the Corporate Cyber Security GRC Division, the Divisional CISO Program, the Cyber Business Office, and Cyber Architecture and Strategy
  • Develop and manage an information security risk management program including development, evaluation, and adherence to multiple areas of practice
  • Develop a risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using the CMMI Cyber Maturity/NIST CSF Framework
  • Establish and oversee a formal risk analysis and self-assessment program for various information services, systems, processes and recognized industry standards
  • Identify, assess, manage, and track remediation of risks related to Technology infrastructure, applications, platforms and suppliers and drive explicit requirements and timelines in all environments
  • Develop strong relationships with external audit and key stakeholders to ensure risk management oversight is understood, managed appropriately and current with all standards, guidelines, and regulations that are applicable
  • Liaise with all departments to identify, track and provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance
  • Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts
  • Develop security compliance strategy and approach and ensure compliance with SOC2, ISO27001, GDPR, local privacy laws, contractual requirements and globally-recognized standards and guidelines
  • Identify regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements
  • Oversee third party assessment standards and privileged user monitoring as a check on critical system access
  • Act as privacy and compliance officer and serve as the intake for security-related inquiries, coordinating with subject matter experts
  • Build out and maintain current GRC tools and processes within information security to provide visibility and transparency.
  • Stay current with industry standards, regulatory requirements and best practices around IT such as FFIEC Guidelines, NIST, ITIL, COBIT, Cloud Security Alliance, etc.
  • Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with Information Security policies and best practices
Job Requirements: 
  • Education - Bachelor's degree in computer science or related area
  • Industry-recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.)
  • MBA or Masters (advantageous)
  • 6+ years' experience in information technology; 3+ in security governance, risk, and compliance management
  • 4+ years of progressive information security work experience
  • Prior experience with security policy, standards, and controls definition
Required Skills: 
  • Customer Focus
  • Taking the Initiative
  • Teamwork & Cooperation
  • Performance Excellence
  • Negotiation/contract management of external suppliers
Closing Date: 
Monday, December 21, 2020