Information Security Specialists at Pharmacy and Poisons Board

Job Purpose

The position is responsible for protecting the organization’s information assets by implementing and managing security measures to safeguard data and systems. Works to prevent data breaches, cyberattacks, and other security incidents, ensuring the confidentiality, integrity, and availability of the company’s digital infrastructure. This role requires expertise in identifying vulnerabilities, deploying security tools, and ensuring compliance with industry regulations.

Duties and Responsibilities

• Conduct regular security assessments and vulnerability scans to identify and address potential risks in the organization’s IT environment
• Perform risk analysis and develop risk management strategies to protect sensitive data and digital infrastructure
• Develop and maintain threat models to anticipate security challenges and address them proactively
• Identify and analyze security gaps in systems, applications, and infrastructure
• Develop, implement, and enforce information security policies, procedures, and standards across the organization
• Establish and maintain access control policies and ensure that data is accessible only to authorized individuals
• Monitor systems, networks, and applications for signs of suspicious activity or potential threats using security monitoring tools
• Respond to security incidents (such as data breaches, malware infections, and denial-of-service attacks) including investigation, containment, and remediation
• Lead post-incident analysis and reporting to identify causes and mitigate future incidents
• Maintain and manage incident response protocols, and coordinate with internal teams and external agencies during incidents
• Implement and manage security technologies such as firewalls, antivirus software, IDS/IPS, encryption tools, and vulnerability management platforms
• Conduct regular updates and patches to security systems and software to protect against known vulnerabilities
• Design and deliver information security awareness training to employees, helping them identify potential threats like phishing, social engineering, and malware
• Create guidelines and resources for employees to follow security best practices, such as password policies, data encryption, and safe online behavior
• Ensure the organization’s compliance with legal and regulatory requirements related to data security and privacy
• Prepare reports for management on the organization’s security posture and compliance status
• Work closely with IT and development teams to design, build, and maintain secure IT infrastructure
• Participate in secure application development by reviewing code and providing guidance on secure coding practices
• Stay up to date with the latest security threats, vulnerabilities, and industry trends to continuously improve security strategies

Person Specifications

For appointment to this grade, a candidate must:

• Have a Bachelor’s degree in Computer Science or any IT-related field from a recognized institution
• Hold Certified Industry Accreditations or membership of recognized industry associations and bodies
• Be proficient in computer applications
• Have good analytical and communication skills
• Fulfil the requirements of Chapter Six of the Constitution