Senior Information Security and Governance Engineer at Old Mutual Zimbabwe

job Description

Key Focus & Role Description:
The Information Security Engineer will be responsible for overseeing and managing the organization's information security program to ensure the integrity, confidentiality, and availability of information assets. The Engineer will assist in the development and implementation of security policies, conduct risk assessments, monitor security systems, and respond to security incidents. This role requires a deep understanding of both technical and administrative security controls.

Duties and Responsibilities

Key Result Areas:
-Promote a culture of security awareness across the organization.
-Conduct regular risk assessments and audits to identify potential security threats and vulnerabilities.
-Develop strategies to mitigate identified risks and implement appropriate security measures.
-Ensure appropriate risk mitigation and control processes for security incidents as required.
-Document and disseminate information security policies, procedures, and guidelines to ensure compliance with all regulatory requirements.
-Coordinate a response to actual or suspected breaches in the confidentiality, integrity, or availability of information assets.
-Develop and maintain an incident response plan.
-Lead the response to security incidents, including investigation, containment, and recovery.
-Conduct post-incident analysis to identify root causes and improve future response.
-Participate in audits and assessments conducted by internal and external parties.
-Ensure that third-party agreements include appropriate security provisions.
-Understand and report security risks and how they impact the confidentiality, integrity and availability of information assets.
-Research and propose IT security solutions.
-Maintains documentation relevant to area of responsibility.
-Ensures vulnerability management solutions are implemented.
-Responds and manages security related events and alerts.
-Manage and implement IAM systems and processes.
-Manages the ICT control environment.

Qualifications and Experience

-Appropriate technical qualifications plus 3 years’ experience in an IT environment
-Experience in developing and implementing security policies and procedures.
-Experience with risk management, compliance, and incident response.

Qualification
-A degree in IT and appropriate technical qualifications plus 3 years’ experience in an IT environment.
Certifications
-Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), or equivalent.

Technical Skills:
-Proficiency in security technologies such as firewalls, IDS/IPS, SIEM, DLP, and encryption.
-Understanding of network security, application security, and cloud security.
-Familiarity with security frameworks and standards (e.g., ISO/IEC 27001, NIST, PCI-DSS).