Applications are invited from suitably qualified persons of Malawian origin to fill vacant positions in the company.

THE ORGANIZATION

Electricity Generation Company (Malawi) Limited. EGENCO is a limited liability company incorporated under the Companies Act (Cap.46:03) of the Laws of Malawi on 7th September 2016.

The company is wholly owned by the Government of Malawi and was established with the mandate of generating electricity in Malawi. It started its operations on 1 January 2017.

To fulfil its mandate effectively and efficiently, the company now invites suitably qualified and experienced dynamic individuals to fill the following challenging and exciting position in the Company

ASSISTANT MIS SECURITY ADMINISTRATOR – (GRADE EG7) – (1 POSITION)

Tenable in the Company in the ICT Department at the Head Office, Chayamba, Blantyre. This post reports to the Data Centre Administrator.

PURPOSE OF THE POSITION

The Assistant MIS Security Administrator shall play a pivotal role in ensuring the overall security and integrity of the IMIS, encompassing various aspects such as cybersecurity, access control, and compliance with security policies and regulations. The primary purpose is to design, implement, and maintain robust security measures to safeguard the company’s IT infrastructure and data assets.

Key Duties and Responsibilities 

1. Developing and implementing comprehensive cybersecurity strategies, policies, and procedures to protect the MIS from internal and external threats
2. Managing firewall configurations and access control lists to regulate network traffic and prevent unauthorized access to sensitive systems and data.
3. Administering and maintaining the active directory environment, including authentication, group policies, and directory service integration.
4. Conducting regular security assessments and vulnerability scans to identify and mitigate potential security risks and vulnerabilities.
5. Monitoring security logs and alerts to detect and respond to security incidents, including malware infections, phishing attempts, and unauthorized access attempts.
6. Ensuring that all audit trails of all systems are active and functional for purposes of independent audit and assurance.
7. Collaborating with internal stakeholders, including the internal audit and risk management departments, to facilitate security audits, assessments, and compliance reviews.
8. Providing security awareness training and guidance to end-users and IT staff to promote a culture of cybersecurity awareness and best practices.
9. Staying informed about the latest cybersecurity threats, trends, and technologies to continuously enhance the Company’s security posture.
10. Liaising with physical security teams to ensure that access control to all facilities is integrated in the MIS security ecosystem.
11. Participating in incident response and crisis management activities to minimize the impact of security incidents and ensure timely resolution.

EXPECTED COMPETENCIES 

1. Proficiency in cybersecurity principles, practices, and technologies, including network security, endpoint security, and data protection at enterprise level
2. Experience with firewall management, intrusion detection/prevention systems (IDS/IPS), and security information and event management (SIEM) tools
3. Knowledge of access control mechanisms, including role-based access control (RBAC), multi-factor authentication (MFA), and privileged access management (PAM).
4. Familiarity with regulatory compliance frameworks and standards, such as GDPR, HIPAA, PCI DSS, and ISO/IEC 27001.
5. Strong analytical and problem-solving skills to assess security risks and recommend effective countermeasures.
6. Excellent communication and interpersonal skills to collaborate with cross-functional teams and communicate security requirements and recommendations effectively.
7. Ability to work independently and prioritize tasks in a dynamic and fast-paced environment.
8. Commitment to maintaining the confidentiality, integrity, and availability of sensitive information and systems.

RELATED KNOWLEDGE, SKILLS, AND ABILITIES

1. Certifications in cybersecurity, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM).
2. Experience with security incident response procedures, digital forensics, and incident handling protocols.
3. Knowledge of identity and access management (IAM) solutions, including directory services, single sign-on (SSO), and identity federation.
4. Understanding of cloud security principles and best practices for securing cloud-based infrastructure and services.
5. Familiarity with security risk assessment methodologies and tools for identifying and prioritizing security risks.
6. Experience with security awareness training programs and security awareness campaign management.

QUALIFICATIONS AND EXPERIENCE

1. Bachelor’s Degree in Computer Science, Information Security, or a related field.
2. Aged between 25-35.
3. At least a minimum of 3 years of experience in information security roles, with a focus on designing, implementing, and managing security controls in enterprise environments.
4. Proven track record of successfully leading security initiatives and projects, including security architecture design, implementation, and maintenance.
5. Experience working with regulatory compliance requirements and conducting security audits and assessments.
6. Strong technical skills and hands-on experience with security technologies, tools, and frameworks.

METHOD OF APPLICATION

Interested persons should submit applications attaching a comprehensive CV, relevant certificates, and names of three traceable referees and these should reach the undermentioned not later than Monday, 9th December 2024.

Acting Director of Human Resources Management
Electricity Generation Company (MW) Ltd
Chayamba Building – Floor No. 4
P O Box 1567
BLANTYRE

***WE ARE AN EQUAL OPPORTUNITY EMPLOYER***