Information Security Officer, Country Office Ref No: GIZ-CO/ISO/0523022

• Basic knowledge of actual Microsoft Software and Services ecosystem
• Methodological competence in: ISO/IEC 27001, risk management, vulnerability management, audit
• Has overview of tasks and objectives of the institution and can evaluate and classify them with respect to information security.
• Excellent communication skills.
• Ability to work independently.
• Knowledge of English language level C; knowledge of German language is an asset.
• Willingness to travel within Uganda and abroad.

Key Responsibilities

The Information Security Officer (ISO) will be responsible for:

• Establishing and later managing the security incident process.
• Accompanies the Audit Management process.
• Local representative of the information security organization and thus the Information Security Management System (ISMS).
• Acting as Single Point of Contact (SPoC) for information security.
• Providing structure reporting to the CISO.
• Recording the status of information security.

The Information Security Officer fulfils the following tasks:

Specific Tasks

• Responsible for elaborating, reviewing, and updating the local security concept, the coordination and implementation of measures, guidelines/concepts as well as the adaptation of guidelines/concepts to local conditions.
• Coordinates existing awareness measures and is to a limited extent personally responsible for the awareness/training efforts Concerning the information security among employees.
• Responsible for the control of the effectiveness of security measures, for revisions and audits and for ensuring the investigation of security-related incidents & coordination of their reporting (reporting system).
• As representative of the Information Security Management System Team (ISMS Team) and sort of local counterpart of the CISO, the Information Security Officer (ISO) also has the permanent task of reporting to the CISO and supply necessary information for the management report of the CISO.
• Provides continuous consulting on information security topics and the constant operation of risk management and level estimation of information protection requirements.
• Implement and manage the security incident process.
• Support and accompany the audit management process possibly including the local coordination of “penetration testing”.
• Create and implement a functioning vulnerability management.
• Ensure through a structural analysis via asset recording an up-to date and complete asset inventory in cooperation with asset owners.
• Responsible for reviewing and updating the local information security concept, the coordination and implementation of measures and the communication and implementation of guidelines/concepts.

 Other Duties/Additional Tasks

• Performs other duties and tasks at the request of management.

All interested and qualified persons are encouraged to apply to the Head of Human Resources by email to vacancy@futureoptions.org. Applications and CVs should be in one document and a maximum of 5 pages only and sent electronically, quoting the position and reference number. Please include name and contact of three references in the CVs, one official reference from your current workplace is a MUST.

Applications should be received by 5.00 pm on 29^th May 2023. Please note: This is a national position.

Only the shortlisted candidates will be contacted.

Disclaimer: GIZ DOES NOT charge any kind of FEE(s) at whichever stage of the recruitment process.

This recruitment is ONLY through Future Options Consulting Ltd.