Job Description
Role Responsibilities
Strategic IT Security Management
- Develop and implement CEDA’s comprehensive IT security strategy in alignment with organizational goals.
- Conduct regular reviews and updates of security policies, standards, and procedures.
- Plan and manage the security budget to ensure effective resource allocation.
- Engage in continuous improvement initiatives to strengthen the security posture.
- Evaluate the effectiveness of security controls and adapt to changing threats.
Cybersecurity Operations
- Monitor and maintain secure network infrastructure, including firewalls, intrusion detection systems, and access controls.
- Oversee the implementation and configuration of security tools such as SIEM (Security Information and Event Management), endpoint protection, and vulnerability scanners.
- Conduct regular audits and penetration tests to identify and mitigate vulnerabilities.
- Ensure system and application patches are up to date to prevent potential exploits.
- Evaluate network architecture for security weaknesses.
Risk Management and Compliance
- Lead risk assessments to identify and evaluate potential security risks.
- Develop and enforce mitigation plans to address identified risks.
- Ensure compliance with local regulations such as Botswana’s data protection laws and global standards like GDPR or ISO 27001.
- Collaborate with internal and external auditors for security evaluations and certifications.
Data Protection and Privacy for IT Environment
- Implement and monitor organizational compliance with Botswana’s Data Protection Act and other relevant regulations.
- Develop, implement and manage the Company’s data protection management framework.
- Ensure the secure storage, transmission, and handling of sensitive financial and customer data at rest and in motion.
- Establish robust encryption and access control measures to prevent unauthorized access.
- Collaborate with internal teams to enhance data privacy and ensure adherence to legal requirements.
- Develop and implement procedures for detecting, responding to, and mitigating data breaches.
Security Awareness and Training
- Conduct regular training and awareness programs to promote cybersecurity best practices among employees.
- Foster a culture of security awareness across all levels of the organization.
Incident Response and Recovery
- Establish and maintain an incident response framework to address breaches and cybersecurity threats promptly.
- Lead the investigation of security incidents, ensuring root cause analysis and lessons learned are documented.
- Develop and test disaster recovery plans and business continuity measures to minimize downtime.
Team Leadership and Stakeholder Collaboration
- Manage and mentor a team of IT security professionals, promoting skill development and growth.
- Collaborate with other departments to ensure security practices are integrated into daily operations.
- Communicate effectively with senior management, presenting security updates and risk assessments.
- Foster relationships with external vendors, regulators, and cybersecurity consultants.
Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field.
Professional
- Professional certifications such as CISSP, CISM, CRISC, CEH, CTI or ISO 27001 Lead Auditor.
Experience
- Minimum of 5 years’ experience as an IT Security Manager, or proven work experience leading cybersecurity or information systems security.
Knowledge & Skills required
- Expertise in network security, endpoint protection, and cloud security platforms.
- Knowledge of emerging technologies like AI in cybersecurity and Zero Trust Architecture.
- Proficiency in security frameworks such as NIST, COBIT, or MITRE ATT&CK.
- Hands-on experience with tools such as firewalls, SIEM systems, VPNs, and data loss prevention solutions.
- Communication
- Planning & Organizing
- Change Management
- Service Orientation
- Performance Management
- CEDA Values
Closing date: June 05, 2025