The Information Security Officer will be responsible for developing, implementing, and maintaining AMCE's information security program, as well as protecting its data and systems from cyber threats. The role holder will also assess the security risks, implement security controls, and ensure compliance with relevant regulations and healthcare industry standards.
Core Responsibilities
1. Security Policy and Standards
- Develop and implement a comprehensive information security policy framework that outlines AMCE's security goals, objectives, and responsibilities.
- Create detailed procedures for various security functions, including access control, incident response, data classification, and business continuity.
- Conduct periodic reviews of security policies and procedures to ensure they remain relevant and effective.
- Monitor adherence to security policies and procedures and take corrective action when necessary.
2. Risk Assessment and Management
- Conduct regular risk assessments to identify potential security threats and attacks to AMCE's information systems and data.
- Analyze identified risks, assess their potential impact, and prioritize them based on severity and likelihood.
- Develop and implement effective risk mitigation strategies, such as implementing security controls, conducting security awareness training, and establishing incident response procedures.
- Continuously monitor the security landscape and adjust risk mitigation strategies as needed.
3. Security Audits and Assessments
- Implement and maintain technical security controls, including firewalls, intrusion detection systems, intrusion prevention systems, and encryption technologies.
- Implement and enforce robust access controls, such as strong authentication mechanisms, authorization policies, and role-based access control.
- Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses.
- Implement a timely management process to address security vulnerabilities and areas for improvement in software and operating systems.
4. Incident Response and Reporting
- Develop and maintain a comprehensive incident response plan outlining procedures for detecting, responding to, and recovering from security incidents.
- Establish and train an incident response team to handle security incidents effectively.
- Promptly investigate security incidents, document findings, and report to relevant stakeholders.
- Conduct post-incident reviews to identify lessons learned and implement corrective actions to prevent future incidents.
5. Compliance and Auditing
- Ensure compliance with relevant regulations, such as HIPAA, by staying up to date on regulatory changes and implementing necessary controls.
- Conduct regular security audits and assessments to identify and address security gaps.
- Assess the security practices of third-party vendors and service providers.
- Maintain accurate and up-to-date security documentation and reports.
6. Security Awareness and Training
- Develop and deliver comprehensive security awareness training programs for all employees.
- Conduct regular phishing simulations to assess employee awareness and responsiveness to potential threats.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or related field.
- Master's degree is an added advantage.
- Certifications such as CISSP, CISM, or CISA are preferred.
- Minimum of 3 years of experience in information security, risk management, cybersecurity, or a related field.
- Experience in a healthcare or similar regulated industry will be an added advantage.
Additional Information:
African Medical Centre of Excellence Abuja (AMCE Abuja) aims to be an Employer of Choice, providing equal opportunity for everyone regardless of their background, gender, race, and other protected characteristics.
Remote Work:
No
Employment Type:
Full-time