MINISTRY OF JUSTICE JOB SPECIFICATION & DESCRIPTION

Job Title: Information Systems Security Officer
Department: Management Information Systems
Reports To: Director, Management Information Systems
Accountable To:
Grade:
Manages: N/A
THIS DOCUMENT IS VALIDATED AS AN ACCURATE AND TRUE DESCRIPTION OF THE JOB AS SIGNIFIED BELOW:
__
Employee
Date
__
Manager/Supervisor
Date
__
Head of Department/Division
Date
__
Date received in Human Resource Division
Date created/revised
A. JOB PURPOSE STATEMENT
To provide continuous independent assurance on information security, with regard to the confidentiality, integrity and
availability of the IT infrastructure, processing systems and related resources, in line with the Information Security
Policy and supporting procedures.
B. KEY OUTPUTS
* ICT Security policy monitored for compliance
* Information Systems secured
* Website security maintained
* Email servers secured
* Staff awareness sensitization conducted
* Incident response plan developed
* Firewall policies maintained
* Support provided to users
C. KEY RESPONSIBILITY AREAS

Develop security and privacy policies that embody best industry practices and are the best fit for the Ministry of
Justice and its portfolio of agencies and departments.

Review and oversee critical notification processes that are to be followed for security related incidents.
Ensure that processes to identify and appropriately announce security incidents as well as internal
procedures outlining responses to security related issues appropriately reflect widely practiced processes.

Coordinate planning activities related to responses to security events. Planning activities are to include
cross-departmental and cross-agency procedures.

Work with regulatory bodies and the Legal offices to interpret regulations, laws, etc. and develop policies,
processes and standards that ensure compliance with these regulations. Integrate security policies and
practices with those implemented with respect to privacy and other required security objectives.

Develop a formal process to review, on a quarterly basis, procedures, incidents, and responses, associated
with the security of information and report to the Director of MIS all relevant materials.

Develop and present training activities and awareness programs that prepare the organization for security
events.

Coordinate responses to security events or violations of the confidentiality of private information. This
includes coordination of activities related to problem containment, management notification, interaction
with Public relations, etc.

Validate that activities and controls related to the prevention of security incidents are in place and being
followed (this includes a review of physical access controls where secure information is contained, review of
software programs and operating systems to ensure that updates and patches are being applied, review of
security procedures to ensure compliance, review of adherence to policies and standards governing the use
and management of systems, involvement in testing of disaster recovery and business continuity plans and
validation of results, etc.).

Ensure that risk assessments are conducted as they relate to the appropriate protection of MoJ electronic
resources. In conjunction with other departments within the Ministry, conduct regular risk assessments.

Ensure that appropriate controls related to the access of secure information are documented and are being
followed (this may include access control lists, passwords or other access controls, authentication and
authorization mechanisms, etc.).

Work with other groups and offices within the Ministry to assess the level of risk associated with the
maintenance of paper records and the management of information contained in non-electronic form.

Assist with the development of policies and processes designed to protect information and reduce the risk of
exposing this information.

Develop guidelines for disciplinary actions that would apply to persons/groups found to be in violation of
policies.

Act as a policy enforcement agent for the Ministry and its portfolio agencies and departments,
proactively assess the MoJ’s compliance with policies, and report the results of these assessments to the
Director of MIS.
D. PERFORMANCE STANDARDS
This job is satisfactorily performed when:
* ICT Security policy monitored for compliance
* Information Systems Secured in accordance with established policies
* Network system secured and security breaches are reported in a timely manner
* Staff awareness sensitization conducted as is necessary
* Incident response plan developed and incidents are reported immediately
* Firewall policies maintained
* Ongoing research is conducted and recommendations made to improve existing security mechanisms
* Support provided to users
* Information Security Risk Register Managed
E. REQUIRED COMPETENCIES
* Good problem solving and analytical skills.
* Good written and oral communication skills for effective audit report writing and presentations.
* Ability to work in a team.
* Performance management to optimize personal productivity.
* Personal motivation and drive exhibited through commitment to work hard towards goals and
showing enthusiasm and career commitment.
* Interpersonal skills to effectively communicate with and manage customer expectations (internal and
external), and other stakeholders who impact performance.
MINIMUM REQUIRED EDUCATION AND EXPERIENCE
(a) Specific knowledge (however acquired) required to start:
(b) Attend relevant training on emerging trends and practices within the IS field
(c) Network within the profession and relevant associations to keep abreast with the industry
(d) Reference relevant professional institutions, e.g. COBIT, ISO, ISF’s Standards of Good Practice, to enable
the Ministry to achieve best practice in information security.
Qualifications and Experience
* A Bachelor’s Degree in Computer Science or its equivalent
* Three (3) years’ experience in a similar capacity
* Information Systems Security Certification
* Demonstrated knowledge of known vulnerability assessment tools