Information and Cyber Security Manager – Botswana Power Corporation

Main purpose of the position

To manage the Corporation’s information and cyber security function to ensure the confidentiality, integrity, and availability of the company’s information assets. The role is also responsible for establishing security frameworks, strategies, policies, and programs to protect against internal and external threats across the Corporation.

Job Responsibilities

• Develops and implements a comprehensive information and cyber security strategy.
• Conducts risk assessments and vulnerability analysis to identify potential threats and weaknesses.
• Establishes security policies, standards, and procedures in alignment with business objectives and regulatory requirements.
• Stays up-to-date with emerging security threats, technologies, and best practices.
• Oversees daily security operations, including monitoring, detection, and response to security incidents.
• Manages the implementation and maintenance of security tools and technologies, such as firewalls, intrusion detection systems, and encryption solutions.
• Monitors timely application of security patches and updates to all systems and applications.
• Manages compliance with relevant legal, regulatory, and industry standards (e.g., DPA, NIST, ISO).
• Conducts regular security audits and assessments to verify compliance and identify areas for improvement.
• Maintains documentation related to security policies, procedures, and incidents.
• Develops and maintains an incident response plan and coordinate response efforts during security incidents.
• Performs forensic analysis and post-incident reviews to identify root causes and implements corrective actions.
• Provides effective communication and coordination during security incidents.
• Implements encryption and other security measures to protect personal data at rest and in transit.
• Implements encryption, hashing, and cryptographic protocols to protect data at rest and in transit.
• Conducts comprehensive risk assessments to identify and prioritize security risks.
• Develops threat models to understand potential attack vectors and impacts.
• Implements effective risk mitigation strategies and controls.
• Manages the threat landscape specific to the utility sector.
• Collects, analyzes, and acts on threat intelligence data. Conducts proactive threat hunting within the utility’s ICT and operational technology (OT) environments.
• Develops and delivers effective security awareness and training programs for employees.
• Conducts phishing simulations to educate employees about email-based threats.
• Coordinates behavioural analytics to identify and mitigate insider threats.
• Reviews and implements secure design principles for applications, systems, and networks.
• Maintains high standards of professionalism and accountability in all aspects of the role.
• Works closely with IT teams, business units, and external partners to integrate security into all aspects of the organization’s operations.
• Communicates security risks, strategies, and initiatives to senior management and stakeholders.
• Engages with regulatory bodies and industry groups on security-related matters.
• Delivers outcomes by managing others and working within established systems.
• Supports others by carrying out simple safety, health and environment tasks using established procedures.
• Implements the team’s performance management systems with guidance from management in line with PMS policy and procedures.
• Identifies shortcomings, suggests, and implements improvements to existing business practices, while developing and delivering projects or a work stream within the organization’s change management program with guidance from management.
• Manages relationships with key customers and act as their business partner, while typically using support teams to ensure client satisfaction.

Qualifications

• A minimum of a Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field.
• A Master’s Degree in the related disciplines will be an added advantage.

Experience

• At least seven (7) years post qualification experience in information security and cyber security in a large corporate environment.
• Of the above, at least three (3) years should have been served at a management level.
• Relevant Professional certifications such as CISSP, CISM, CEH are required.
• Extensive experience with security framework such as NIST, ISO 27001, Standards, security tools and technology (e.g. SIEM, IDS/IPS, DLP) and best practices are required.
• Experience working in the energy, utilities or a similar sector will be an added advantage

Competencies