INFORMATION SECURITY & CONTROL ANALYST
The ISCA is responsible for the implementation, continuous improvement, and maintenance of the
Information Security Management Program at HPS Payment Services. The incumbent must have
solid experience in information security and IT resilience management, with a deep understanding of
security standards and best practices such as ISO 27001, NIST CSF, SOC 2 Type II, and PCI DSS.
Key Responsibilities
1. Information Security Management System (ISMS) Maintenance
• Develop, implement, and maintain information security policies, procedures, and guidelines
in alignment with international standards and best practices
• Coordinate and oversee information security risk management activities across HPS
• Ensure compliance with applicable legal, regulatory, and contractual information security
requirements
• Identify, assess, and mitigate information security risks through appropriate measures
• Support the monitoring and management of IT-related risks and contractual non-compliance
impacts
• Oversee the implementation of security controls to protect organizational IT assets
• Ensure appropriate security measures are in place based on process criticality and asset
sensitivity:
  ◦ Evaluate inherent and residual risk levels with asset owners
  ◦ Guide risk owners on appropriate risk treatment options (mitigation, acceptance,
    transfer, rejection)
  ◦ Challenge proposed action plans to ensure practicality and feasibility
• Provide regular reports on ISMS performance, identified risks, and mitigation efforts to key
stakeholders, including senior management and the board
• Supervise security awareness and training activities for employees
• Coordinate internal and external audits of the ISMS to assess control effectiveness
• Monitor, analyze, and coordinate responses to information security incidents
• Collaborate cross-functionally to integrate information security into business processes and
IT projects
2. Security by Design – Ensuring Security in Projects
• Support project teams in implementing new or integrating existing security systems
• Define and execute IT risk management requirements within HPS projects
• Ensure the integration of security practices throughout the project lifecycle
• Identify potential project-related security risks, vulnerabilities, and threats; define and
follow up on treatment plans
• Ensure compliance with relevant security regulations and standards in project contexts
• Evaluate the security compliance of technological solutions used in projects
• Track and measure project-level security performance through KPIs
3. Security Assurance – Certification & Client Support
• Lead the planning of security certifications and proactively prepare for recertification
exercises
• Coordinate with internal teams to organize periodic reviews and collect certification
deliverables
• Manage action plans resulting from certification exercises
4. Client-Facing Security Monitoring
• Prepare materials for client security committees
• Conduct client security committees and follow up on related actions
• Prepare vulnerability monitoring reports and track related indicators
• Monitor and analyze potential security threats, including cyberattacks, system
vulnerabilities, and data breaches
5. Evaluation & Reporting
• Conduct regular IT risk assessments and security audits to identify weaknesses and
recommend improvements
• Perform ad hoc or ongoing security reviews (e.g., access rights reviews, firewall rules
reviews)
• Stay updated on emerging security threats and trends through continuous technology watch
• Prepare regular risk and security management reports for executive leadership and the
board
Requirements:
Behavioral Skills & Knowledge
• Effective communication with all levels of the organization and external stakeholders using
various communication methods
• Ability to work collaboratively across departments to achieve information security goals
• Inspiring and motivating others by setting a clear vision and leading by example
• Adapting to changing situations and handling challenges in information security
• Resolving conflicts constructively to maintain a harmonious work environment
• Raising awareness and promoting a strong security culture
• Managing time and priorities efficiently to meet information security requirements
• Giving and receiving constructive feedback to support continuous improvement
Professional Skills
• In-depth knowledge of information security principles, including risk management,
regulatory compliance, data protection, and network security
• Ability to identify, assess, and mitigate IT-related risks
• Understanding and applying legal and regulatory requirements for information security
• Monitoring and analyzing cybersecurity threats, vulnerabilities, and data breaches
• Planning and executing information security initiatives effectively
• Communicating with internal and external stakeholders, including executives, employees,
vendors, and regulators
• Quickly identifying and resolving information security issues
• Staying updated on cybersecurity trends and emerging threats
• Effectively managing security incidents and coordinating emergency responses
Job Profile
• Education: Candidates must hold a degree or equivalent in a related field
• Experience: 3+ years in information security or a related domain
Preferred Certifications
• COBIT
• CISA
• CRISC
• CEH
• ISO 27001 Lead Implementer
• PMP
• ITIL
• CISSP
How to Apply
Interested candidates are invited to submit their application letter along with a detailed CV to
icps_recruitment@icps.mu
Please ensure that all required information is accurately completed in the relevant sections.
Incomplete applications will not be considered.
Location: 7th floor, The Docks 2, Caudan St, Port-Louis 11307
Note
The Management reserves the right not to make an appointment following this advertisement.