---

Role Responsibilities

Strategic IT Security Management

•  Develop and implement CEDA’s comprehensive IT security strategy in alignment with organizational goals.
• Conduct regular reviews and updates of security policies, standards, and procedures.
• Plan and manage the security budget to ensure effective resource allocation.
• Engage in continuous improvement initiatives to strengthen the security posture.
• Evaluate the effectiveness of security controls and adapt to changing threats.

Cybersecurity Operations

• Monitor and maintain secure network infrastructure, including firewalls, intrusion detection systems, and access controls.
• Oversee the implementation and configuration of security tools such as SIEM (Security Information and Event Management), endpoint protection, and vulnerability scanners.
• Conduct regular audits and penetration tests to identify and mitigate vulnerabilities.
• Ensure system and application patches are up-to-date to prevent potential exploits.
• Evaluate network architecture for security weakness.

Risk Management and Compliance

• Lead risk assessments to identify and evaluate potential security risks.
• Develop and enforce mitigation plans to address identified risks.
• Ensure compliance with local regulations such as Botswana’s data protection laws and global standards like GDPR or ISO 27001.
• Collaborate with internal and external auditors for security evaluations and certifications.

Data Protection and Privacy for IT Environment

• Implement and Monitor organizational compliance with Botswana’s Data Protection Act and other relevant regulations.
• Develop, implement and manage the Company’s data protection management framework.
• Ensure the secure storage, transmission, and handling of sensitive financial and customer data at rest and in-motion.
• Establish robust encryption and access control measures to prevent unauthorized access
• Collaborate with internal teams to enhance data privacy and ensure adherence to legal requirements.
• Develop and implement procedures for detecting, responding to, and mitigating data breaches.

Security Awareness and Training

• Conduct regular training and awareness programs to promote cybersecurity best practices among employees.
• Foster culture of security awareness across all levels of the organization.

Incident Response and Recovery

• Establish and maintain an incident response framework to address breaches and cybersecurity threats promptly.
•  Lead the investigation of security incidents, ensuring root cause analysis and lessons learned are documented.
• Develop and test disaster recovery plans and business continuity measures to minimize downtime.

Team Leadership and Stakeholder Collaboration

• Manage and mentor a team of IT security professionals, promoting skill development and growth.
• Collaborate with other departments to ensure security practices are integrated into daily operations.
• Communicate effectively with senior management, presenting security updates and risk assessments.
• Foster relationships with external vendors, regulators, and cybersecurity consultants.

Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field.

Professional​

• Professional certifications such as CISSP, CISM, CRISC, CEH, CTI or ISO 27001 Lead Auditor.

Experience

• Minimum of 5 years’ experience in as an IT Security Manager/proven work experience leading cybersecurity or information systems security.

Knowledge & Skills required

• Expertise in network security, endpoint protection, and cloud security platforms.
• Knowledge of emerging technologies like AI in cybersecurity and Zero Trust Architecture.
• Proficiency in security frameworks such as NIST, COBIT, or MITRE ATT&CK.
• Hands-on experience with tools such as firewalls, SIEM systems, VPNs, and data loss prevention solutions.
• Communication
• Planning & Organizing
• Change Management
• Service Orientation
• Performance Management
• CEDA Values

 

---