Cybersecurity Risk Assessment Section Head

Job Category:

Council Of Health Insurance

Job purpose

The job holder is responsible for managing Risk Management section activities including improving the development and implementation of risk strategy, and managing risk identification, classification, assessment, and mitigation to minimize and mitigate risks in CHI practices.

Responsibilities

Keep abreast of national and international cybersecurity guidelines, procedures, and standards pertaining to risk management in line with relevant regulatory requirements
Review and provide advice concerning cybersecurity risk management methodology, framework, guidelines, and criteria for risk identification, classification, assessment, and mitigation
Review and maintain cybersecurity risk assessment plan to monitor cyber threats in line with external regulations including National Cybersecurity Authority (NCA)
Manage cybersecurity risk assessments and ensure the cybersecurity risk register is kept up to date
Ensure the identification and classification of potential cybersecurity risks based on the probability of risk occurring, its degree of importance, and priority level
Assess and review developed cybersecurity risk mitigation strategies and cybersecurity countermeasures in coordination with concerned stakeholders and provide improvement recommendations
Ensure that cybersecurity risk assessment procedures are implemented in the early stages of projects to identify risks promptly
Manage the tracking and monitoring of risk register to evaluate control strategies and response procedures
Manage the development of awareness programs to introduce cybersecurity practices to CHI departments and answer inquiries
Ensure periodic review and update of cybersecurity risk management methodology and procedures
Recommend changes to CHI infrastructure to improve security based on identified and analyzed risks
Review developed reports highlighting findings and gaps in cybersecurity risk assessment practices, and provide recommendations for improvement

Education, Certifications

Bachelor’s Degree in Information Systems or Computer Science or Cybersecurity or a related field
Certified Cyber (Governance, Risk and Compliance) Professional CC(GRC)P certification, or a certification in a related field, is required
Knowledge of ISO 24760 or ISO 29146 or ISO 27001 and National Cybersecurity Authority (NCA) standards is required
Highly proficient in oral and written English language

Experience

7+ years of relevant experience
Experience in developing frameworks and implementing systems for information security management, security controls, data protection and privacy, identity and access management, gap and maturity assessment, and security compliance checks

 
