Specialist, Information Security @ Aga Khan Education Service, Pakistan

Job Summary

The Specialist, Information Security is primarily responsible to ensure implementation of organizational and technical measures to ensure information security across the organization. S/he also understands compliance requirements in general and has relevant expertise to guide and work with AKES units and departments to run the data protection and privacy programme and implement relevant policies and procedures.

Information Security

• Understand and implement industry global standards to ensure information security.
• Ensure adherence to organizational policies and standard operating procedures across technology operations.
• Implement and enforce security protocols, access controls, technical measures and information security related best practices in alignment with IT policies and standard operating procedures.
• Ensure that all technology operations comply with relevant regulations and industry standards. Implement and maintain necessary controls to meet compliance requirements.
• Ensure regular and secure backup of organizational data assets and services. Implement robust security measures to protect organizational data assets and services from potential threats.
• Ensuring sound business continuity from IT perspective and risk mitigation measures are in place to effectively protect the organizational data and other IT assets.
• Lead implementation of organizational measures to ensure information security. This includes running awareness campaign, IT services compliance reviews, gap assessments, evaluation of IT solutions from information security perspective, and due diligence for vendor onboarding and relationships.
• Create general awareness in the organization regarding information security and data protection. Conduct awareness sessions and facilitate staff self-learning.

Data Protection:

• Play key role in ensuring compliance with statutory regulations like data protection acts from IT perspective.
• Act as the primary point of contact within the organization and any relevant stakeholders on matters related to data protection.
• Contribute for development and lead implementation of internal and external (public) policies, guidelines, and procedures for compliance with data protection regulations and acts, in consultation with key stakeholders.
• Maintain comprehensive records of all data assets and processing activities conducted by AKES units, including the purposes of all processing activities.
• Identify, assess, and mitigate risks associated with each data asset and processing activity from compliance perspective.
• Proactively conduct audits to ensure compliance and address potential issues.
• Facilitate organizational measures for data protection including awareness campaigns, privacy notices, data processing agreements, etc.
• Design and conduct awareness sessions for staff members.
• Inform and advise staff members about the obligations to comply with the data protection laws.
• Promote a culture of data protection compliance across all units of the organization.
• Advise on and facilitate data protection impact assessments.
• Ensure privacy by design at all levels within the organization.
• Liaise with other organizations, data processors and vendors that process data on our behalf.
• Ensure all queries from data subjects are addressed in timely manner.
• Address privacy breaches and take proactive steps to avoid / minimize such breaches.

IT Operations Support

• Supervise IT operations support at a regional level, ensuring the reliability and availability of technology infrastructure and systems. This includes monitoring network performance and system health, addressing technical challenges in timely manner, and promoting regular communication with stakeholders on matters IT.
• Liaise with respective departments and external service providers for resolution of technical challenges as per service level agreements.
• Facilitate the implementation and support for all technology initiatives including information systems.
• Stay updated with emerging technologies and recommend suitable solutions to enhance operational efficiency and security.
• Guide AKES units in the region for identifying and quantifying IT needs with guidance from IT central office; prepare and track utilization of IT budgets for technology operations in the region. Optimize resource allocation to achieve cost-effectiveness.
• Supervises the purchasing of all software, hardware, and other IT supplies for AKES units in the region.
• Technically facilitate procurement office in managing contracts with external suppliers/vendors relating to IT.
• Ensure management of IT assets in the region, including hardware, software, and licenses. Keep track of asset inventory, maintenance, and disposal according to established policies.
• Develop user manuals and guides for common IT procedures, ensuring easy access to essential information.
• Provide technical support and guidance to junior IT team members. Assist in resolving complex technical issues and promoting knowledge sharing within the team.
• Track, monitor and report IT function performance against set strategic and operational goals for AKES units in the region.
• Functionally manage, guide, appraise and coach IT staff members in the region.
• Assist IT central office in extending support to IT staff members in other AKS units, as and when needed.
• Any other duties assigned by the supervisor.

 

Required Skills

Qualifications:

• Bachelors     
• Discipline: Computer Science or Information Technology.
• Certifications: CEH, CISA     
• Relevant Experience: 2 years

Skills:

• Information security standards,
• risk and compliance management,
• policy development,
• information management,
• information security gap assessment/ audit.