ICT Governance Specialist

Job Description

The ICT Governance Specialist plans, sets up, and enforces frameworks to protect data, safeguarding sensitive information and making specific data available according to organizational requirements.

Key Responsibilities
Develop and maintain privacy-related notices, policies, standards, guidelines and processes
Conduct assessments, review results and work with stakeholders to mitigate privacy risks across the Authority
Provide deep technical privacy guidance, analysis, and feedback to business leaders, engineers, solutions and application architects. Help develop, implement and manage processes and internal controls relating to privacy frameworks and offer privacy support to various directorates and or departments
Collaborate with compliance and security professionals on projects related to compliance with global and local regulatory data protection and privacy laws
Assist in developing and administering privacy training and awareness campaigns for various groups within the Authority
Establish and manage tools and develop run books for managing and tracking compliance with the Authority’s privacy obligations, such as privacy impact assessments, technical implementation of privacy by design and default, and operational workflows
Coordinate internal and external audits of our privacy systems and procedures
Lead Data Protection and Privacy Impact assessments (PIA)
Provide ongoing management, content development and oversight of the privacy program, including training, risk management, exception handling and process improvement
Analyze architectural requirements, design and recommend controls that allow the enablement of specific capabilities, solutions, or preventative/remediation controls to protect sensitive data and systems in accordance with industry standards and governance/compliance requirements
Identify security shortcomings in the NAPSA application systems and recommend appropriate policies to ensure best practices and standards are complied with.
Conduct periodic information Security awareness to all members of staff
Assist with periodic security risk assessments, IT security audits, and management reporting.
Review and coordinate changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model
Minimum Qualifications
Grade 12 Certificate with 5 ‘O’ levels with credit or better, including Mathematics and English
Degree in B. Eng./BSc. Electronics & Telecommunications Engineering/Computer Science/Information Technology
Certified Data Privacy Solutions Engineer (CDPSE) will be an added advantage.
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Manager (CISM)
ISO 27001 Lead Implementor
Certified In Risk and Information System Controls (CRISC)
Must be a member of the Information and Communication Technology Association of Zambia (ICTAZ) with a valid practicing license.
Minimum Experience Required
Not less than four (4) years of IT generalist experience and two (2) years IT security and or information Security experience at a management level in an organisation of similar size.