Background

The Industrial Development Corporation (IDC) Limited is a State-Owned Enterprise (SOE) charged with the mandate to spearhead the Zambian Government’s commercial investments agenda aimed at strengthening Zambia’s industrial base and job creation. The Corporation’s vision is to be Africa’s best performing Wealth Fund and Investment Partner of choice. Its Mission is to secure, manage and diversify Zambia’s wealth for current and future generations by making strategic investments that drive sustainable economic development. A need has arisen to fill the position of:

JOB PURPOSE

The Senior Cyber Security Officer will support the Head of ICT in ensuring the security of the Industrial Development Corporation’s (IDC) information systems and data. This role is critical in protecting IDC’s digital assets from cyber threats and ensuring compliance with security policies and regulations. The incumbent will be responsible for developing and implementing cyber security strategies, conducting risk assessments, and overseeing security operations.

KEY RESULT AREAS AND PRINCIPAL ACCOUNTABILITIES

KEY RESULT AREAS

PRINCIPAL ACCOUNTABILITIES (MAIN DUTIES)

Departmental Planning and Budgeting

• Provides input into the departmental workplan and budget.
• Minimizes operational costs by ensuring that divisional expenditure remains within budget approval and savings made from budget.

Cyber Security Strategy and Policy Development

• Develop and implement a comprehensive cyber security strategy that aligns with IDC’s strategic objectives.
• Establish and maintain cyber security policies, procedures, and standards to ensure the protection of IDC’s information assets.
• Continuously evaluate and update cyber security strategies and policies to address emerging threats and vulnerabilities.

Security Risk Assessment and Management

• Conduct regular risk assessments to identify and evaluate potential cyber threats and vulnerabilities.
• Develop and implement risk mitigation strategies to minimize the impact of identified risks.
• Monitor and report on the effectiveness of risk mitigation measures and adjust strategies as necessary.

Security Operations

• Oversee the daily operations of IDC’s cyber security systems and ensure their effective functioning.
• Monitor network traffic and system activities for suspicious activities and potential security breaches.
• Ensure systems and user passwords comply with the password policy
• Ensure Patch management for all systems and networks
• Coordinate incident response efforts and lead investigations into security incidents.

Security Awareness and Training

• Develop and implement security awareness programs to educate employees about cyber security best practices and policies.
• Conduct regular training sessions to enhance the cyber security knowledge and skills of IDC staff.
• Promote a culture of security awareness and vigilance across the organization.

Compliance and Audit

• Ensure compliance with all applicable cyber security laws, regulations, and standards.
• Prepare for and participate in internal and external security audits.
• Implement recommendations from security audits to improve IDC’s security posture.

Security Technology Implementation

• Evaluate, select, and implement advanced security technologies to protect IDC’s information systems.
• Ensure the effective integration of security technologies with existing IT infrastructure.
• Stay updated with the latest developments in cyber security technologies and best practices.

Incident Response and Recovery

• Develop and maintain incident response plans to ensure timely and effective response to security incidents.
• Coordinate with internal and external stakeholders to manage and resolve security incidents.
• Conduct post-incident reviews to identify lessons learned and improve incident response processes.

Reporting and Documentation

• Prepare detailed reports on security incidents, risk assessments, and compliance activities.
• Maintain accurate and up-to-date documentation of security policies, procedures, and incidents.
• Provide regular updates to the Head of ICT on the status of cyber security initiatives and issues

Health and Safety

• Take reasonable care for own health and safety as well as that of other employees, clients, and others as may be required from time to time.

Furtherance of Company’s Interests

• Exercise the powers and duties generally exercised by Senior ICT Officer in the furtherance of the interests of the company as may be authorised and or delegated by the Supervisor.

Meetings

• Prepare key departmental presentations, talking points and any other information required.

Any other Duties

• Perform any other job-related duties as assigned

ESSENTIAL/DESIRABLE QUALIFICATIONS/EXPERIENCE

Professional Qualification:

• Grade 12 School Certificate
• Bachelor’s degree Computer Science, Information Technology, Computer Engineering, and/or equivalent Professional Qualification in relevant field from reputable institution.
• Professional Membership , ICTAZ
• Professional certification in cyber security (e.g., CISSP, CISM, CEH, or equivalent) is an added advantage.

Minimum Relevant Work Experience:

• 5 years relevant work experience or similar position

Skill Specifications:

• Excellent Supervisory skills
• Excellent problem solving and presentation skills.
• Excellent written and verbal communication skills
• Ability to work collaboratively with key internal and external stakeholders
• Data management and record keeping.
• Proficient in using computers

Other Attributes

• Professionalism
• Transparency
• Integrity
• Distinction
• Innovation
• Teamwork

WORKING CONDITIONS

• Office work environment.
• Use of computers and other office equipment.
• Concentration and analysis.
• Managing tight deadlines.
• Normal environmental conditions
• Occasional local and international travel.

• Provides input into the departmental workplan and budget.
• Minimizes operational costs by ensuring that divisional expenditure remains within budget approval and savings made from budget.
• Develop and implement a comprehensive cyber security strategy that aligns with IDC’s strategic objectives.
• Establish and maintain cyber security policies, procedures, and standards to ensure the protection of IDC’s information assets.
• Continuously evaluate and update cyber security strategies and policies to address emerging threats and vulnerabilities.
• Conduct regular risk assessments to identify and evaluate potential cyber threats and vulnerabilities.
• Develop and implement risk mitigation strategies to minimize the impact of identified risks.
• Monitor and report on the effectiveness of risk mitigation measures and adjust strategies as necessary.
• Oversee the daily operations of IDC’s cyber security systems and ensure their effective functioning.
• Monitor network traffic and system activities for suspicious activities and potential security breaches.
• Ensure systems and user passwords comply with the password policy
• Ensure Patch management for all systems and networks
• Coordinate incident response efforts and lead investigations into security incidents.
• Develop and implement security awareness programs to educate employees about cyber security best practices and policies.
• Conduct regular training sessions to enhance the cyber security knowledge and skills of IDC staff.
• Promote a culture of security awareness and vigilance across the organization.
• Ensure compliance with all applicable cyber security laws, regulations, and standards.
• Prepare for and participate in internal and external security audits.
• Implement recommendations from security audits to improve IDC’s security posture.
• Evaluate, select, and implement advanced security technologies to protect IDC’s information systems.
• Ensure the effective integration of security technologies with existing IT infrastructure.
• Stay updated with the latest developments in cyber security technologies and best practices.
• Develop and maintain incident response plans to ensure timely and effective response to security incidents.
• Coordinate with internal and external stakeholders to manage and resolve security incidents.
• Conduct post-incident reviews to identify lessons learned and improve incident response processes.
• Prepare detailed reports on security incidents, risk assessments, and compliance activities.
• Maintain accurate and up-to-date documentation of security policies, procedures, and incidents.
• Provide regular updates to the Head of ICT on the status of cyber security initiatives and issues
• Take reasonable care for own health and safety as well as that of other employees, clients, and others as may be required from time to time.
• Exercise the powers and duties generally exercised by Senior ICT Officer in the furtherance of the interests of the company as may be authorised and or delegated by the Supervisor.
• Prepare key departmental presentations, talking points and any other information required.
• Perform any other job-related duties as assigned

• Excellent Supervisory skills
• Excellent problem solving and presentation skills.
• Excellent written and verbal communication skills
• Ability to work collaboratively with key internal and external stakeholders
• Data management and record keeping.
• Proficient in using computers

• Grade 12 School Certificate
• Bachelor’s degree Computer Science, Information Technology, Computer Engineering, and/or equivalent Professional Qualification in relevant field from reputable institution.
• Professional Membership , ICTAZ
• Professional certification in cyber security (e.g., CISSP, CISM, CEH, or equivalent) is an added advantage.