Information Security Officer
- Full-time
- Service Line: Deloitte Human Capital - West Africa
Company Description
The African Medical Centre of Excellence (AMCE) in partnership with King's College Hospital London (KCH) is seeking talented individuals to fill the role of Information Security Officer.
The African Medical Centre of Excellence, Abuja (AMCE Abuja), a multi-specialty medical institution developed by Afreximbank in partnership with King's College Hospital London (KCH), aims to revolutionize healthcare in Africa. Established to address critical gaps, the AMCE Abuja is committed to providing world-class care through innovative research, development, and education. The partnership with King's College Hospital ensures global expertise, world-class clinical training, research, and professional development. The Centre will offer comprehensive services in oncology, haematology, cardiovascular care, and general healthcare across the continent, with plans for expansion. The construction phase, supported by global partners, precedes a phased rollout over six years, evolving into a 500-bed facility.
Set to commence operations in early 2025, this flagship facility in Abuja is a key part of Afreximbank’s network of healthcare facilities, actively countering brain drain, reducing medical tourism by offering advanced procedures such as stem cell transplantation and state-of-the-art treatments for various diseases, and fostering employment opportunities. The vision for the AMCE initiative is to shape a healthier and more educated future for Africa.
Applications Close
Monday, January 6, 2025.
Job Description
The Information Security Officer will be responsible for developing, implementing, and maintaining AMCE’s information security program, as well as protecting its data and systems from cyber threats. The role holder will also assess security risks, implement security controls, and ensure compliance with relevant regulations and healthcare industry standards.
Core Responsibilities
1. Security Policy and Standards
- Develop and implement a comprehensive information security policy framework that outlines AMCE’s security goals, objectives, and responsibilities.
- Create detailed procedures for various security functions, including access control, incident response, data classification, and business continuity.
- Conduct periodic reviews of security policies and procedures to ensure they remain relevant and effective.
- Monitor adherence to security policies and procedures and take corrective action when necessary.
2. Risk Assessment and Management
- Conduct regular risk assessments to identify potential security threats and attacks to AMCE’s information systems and data.
- Analyze identified risks, assess their potential impact, and prioritize them based on severity and likelihood.
- Develop and implement effective risk mitigation strategies, such as implementing security controls, conducting security awareness training, and establishing incident response procedures.
- Continuously monitor the security landscape and adjust risk mitigation strategies as needed.
3. Security Audits and Assessments
- Implement and maintain technical security controls, including firewalls, intrusion detection systems, intrusion prevention systems, and encryption technologies.
- Implement and enforce robust access controls, such as strong authentication mechanisms, authorization policies, and role-based access control.
- Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses.
- Implement a timely management process to address security vulnerabilities and areas for improvement in software and operating systems.
4. Incident Response and Reporting
- Develop and maintain a comprehensive incident response plan, outlining procedures for detecting, responding to, and recovering from security incidents.
- Establish and train an incident response team to handle security incidents effectively.
- Promptly investigate security incidents, document findings, and report to relevant stakeholders.
- Conduct post-incident reviews to identify lessons learned and implement corrective actions to prevent future incidents.
5. Compliance and Auditing
- Ensure compliance with relevant regulations, such as HIPAA, by staying up-to-date on regulatory changes and implementing necessary controls.
- Conduct regular security audits and assessments to identify and address security gaps.
- Assess the security practices of third-party vendors and service providers.
- Maintain accurate and up-to-date security documentation and reports.
6. Security Awareness and Training
- Develop and deliver comprehensive security awareness training programs for all employees.
- Conduct regular phishing simulations to assess employee awareness and responsiveness to potential threats.
Qualifications
- Bachelor’s degree in Computer Science, Information Technology, or related field.
- Master’s degree is an added advantage.
- Certifications such as CISSP, CISM, or CISA are preferred.
- Minimum of 3 years of experience in information security, risk management, cybersecurity, or a related field.
- Experience in a healthcare or similar regulated industry will be an added advantage.
Additional Information
African Medical Centre of Excellence, Abuja (AMCE Abuja) aims to be an Employer of Choice, providing equal opportunity for everyone regardless of their background, gender, race and other protected characteristics.