Information Security Officer at the African Medical Centre of Excellence (AMCE Abuja) - Deloitte Human Capital Consulting

Deloitte Human Capital Consulting - Our client, the  African Medical Centre of Excellence, Abuja (AMCE Abuja), is a quaternary-level multi-specialty medical institution developed by Afreximbank aims to revolutionize healthcare in Africa. Established to address critical gaps, the AMCE Abuja is committed to providing world-class care through innovative research, development, and education. The Centre will offer comprehensive services in oncology, haematology, cardiovascular care, and general healthcare across the continent, with plans for expansion. The construction phase, supported by global partners, precedes a phased rollout over six years, evolving into a 500-bed facility.

They are recruiting suitable candidates to fill the position below:

Job Title: Information Security Officer

Location: Abuja
Job type: Full-time

Job Description

• The Information Security Officer will be responsible for responsible for developing, implementing, and maintaining AMCE’s information security program, as well as protecting its data and systems from cyber threats.
• The role holder will also assess the security risks, implement security controls, and ensure compliance with relevant regulations and healthcare industry standards.

Core Responsibilities
Security Policy and Standards:

• Develop and implement a comprehensive information security policy framework that outlines AMCE’s security goals, objectives, and responsibilities.
• Create detailed procedures for various security functions, including access control, incident response, data classification, and business continuity.
• Conduct periodic reviews of security policies and procedures to ensure they remain relevant and effective.
• Monitor adherence to security policies and procedures and take corrective action when necessary.

Risk Assessment and Management:

• Conduct regular risk assessments to identify potential security threats and attacks to AMCE’s information systems and data.
• Analyze identified risks, assess their potential impact, and prioritize them based on severity and likelihood.
• Develop and implement effective risk mitigation strategies, such as implementing security controls, conducting security awareness training, and establishing incident response procedures.
• Continuously monitor the security landscape and adjust risk mitigation strategies as needed.

Security Audits and Assessments:

• Implement and maintain technical security controls, including firewalls, intrusion detection systems, intrusion prevention systems, and encryption technologies.
• Implement and enforce robust access controls, such as strong authentication mechanisms, authorization policies, and role-based access control.
• Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses.
• Implement a timely management process to address security vulnerabilities and areas for improvement in software and operating systems.

Incident Response and Reporting:

• Develop and maintain a comprehensive incident response plan, outlining procedures for detecting, responding to, and recovering from security incidents.
• Establish and train an incident response team to handle security incidents effectively.
• Promptly investigate security incidents, document findings, and report to relevant stakeholders.
• Conduct post-incident reviews to identify lessons learned and implement corrective actions to prevent future incidents.

Compliance and Auditing:

• Ensure compliance with relevant regulations, such as HIPAA by staying up-to-date on regulatory changes and implementing necessary controls.
• Conduct regular security audits and assessments to identify and address security gaps.
• Assess the security practices of third-party vendors and service providers.
• Maintain accurate and up-to-date security documentation and reports.

Security Awareness and Training:

• Develop and deliver comprehensive security awareness training programs for all employees.
• Conduct regular phishing simulations to assess employee awareness and responsiveness to potential threats.

Qualifications

• Bachelor's Degree in Computer Science, Information Technology, or a related field.
• Master’s degree is an added advantage
• Certifications such as CISSP, CISM, or CISA are preferred.
• Minimum of 3 years of experience in information security, risk management, cybersecurity, or a related field.
• Experience in a healthcare or similar regulated industry will be an added advantage.

Application Closing Date
Not Specified.

How to Apply
Interested and qualified candidates should:
Click here to apply online