Reports IT Manager
ABOUT WASHINGTON HEALTHCARE
Founded in 2015, Washington Healthcare PLC has grown into Ethiopia’s premier healthcare provider, operating two medical centers with 80 beds, two pharmacies, and a diagnostic center staffed by over 300 healthcare professionals, serving more than 2 million patients. The organization combines advanced medical technology with internationally informed healthcare practices to deliver high-quality, accessible care to both local communities and international patients, driven by a strong commitment to excellence, accessibility, and innovation.
The IT Security Manager is responsible for developing, implementing, and managing the hospital's information security and cybersecurity program to protect the confidentiality, integrity, and availability of organizational information assets. The role oversees cybersecurity governance, risk management, identity and access management, network and endpoint security, security monitoring, incident response, disaster recovery coordination, and regulatory compliance. The IT Security Manager works closely with clinical, administrative, and technical teams to safeguard patient information, business systems, and digital infrastructure from cyber threats while supporting the hospital's strategic and operational objectives.
KEY RESPONSIBILITIES:
- Information Security Governance Duties:
- Develop, implement, and maintain the hospital's information security strategy, policies, standards, and procedures.
- Establish and maintain an Information Security Management System (ISMS).
- Develop and monitor information security objectives and key performance indicators (KPIs).
- Ensure information security practices are aligned with organizational goals and healthcare operational requirements.
- Advise senior management on cybersecurity risks, emerging threats, and mitigation strategies.
- Promote a culture of security awareness throughout the organization.
- Cybersecurity Operations Duties:
- Monitor the hospital's security environment to identify threats, vulnerabilities, and suspicious activities.
- Manage firewalls, intrusion detection and prevention systems, endpoint protection, email security, web filtering, and other security technologies.
- Coordinate vulnerability assessments, penetration testing, and remediation activities.
- Ensure timely deployment of security patches and system updates.
- Review security logs and investigate unusual activities.
- Identity and Access Management Duties:
- Develop and administer user access management policies and procedures.
- Oversee user account provisioning, modification, and deactivation.
- Ensure appropriate role-based access controls are implemented for all systems.
- Conduct periodic user access reviews and privilege audits.
- Monitor privileged account usage and recommend corrective actions where necessary.
- Support implementation of multi-factor authentication and identity security controls.
- Security Incident Management Duties:
- Lead the response to cybersecurity incidents and coordinate containment, investigation, recovery, and post-incident reviews.
- Maintain and test the hospital's Cybersecurity Incident Response Plan.
- Document security incidents and prepare investigation reports.
- Coordinate incident reporting with management and relevant stakeholders.
- Recommend corrective and preventive actions following security incidents.
- Maintain evidence in accordance with organizational procedures where investigations are required.
- Risk Management and Compliance Duties:
- Conduct regular information security risk assessments across systems and business processes.
- Identify security risks and recommend appropriate mitigation strategies.
- Ensure compliance with organizational security policies, contractual obligations, and applicable legal and regulatory requirements.
- Support internal and external audits related to information security.
- Monitor implementation of audit recommendations.
- Participate in risk management and business continuity initiatives.
- Data Protection and Business Continuity Duties:
- Develop and maintain data classification, retention, encryption, and secure disposal procedures.
- Ensure regular backup verification and coordinate disaster recovery testing with the IT Infrastructure Manager.
- Support business continuity planning for critical information systems.
- Protect sensitive patient, employee, and organizational information from unauthorized access or disclosure.
- Monitor compliance with data protection requirements and organizational confidentiality policies.
- Security Awareness and Training Duties
- Develop and implement organization-wide information security awareness programs.
- Conduct cybersecurity training for employees, contractors, and third parties.
- Promote secure use of information systems through ongoing education and communication.
- Coordinate phishing simulations and other awareness activities where appropriate.
- Evaluate the effectiveness of security awareness initiatives.
- Vendor and Third-Party Security Duties
- Assess cybersecurity risks associated with vendors, suppliers, and third-party service providers.
- Review security requirements during procurement of technology solutions.
- Ensure appropriate security clauses are incorporated into technology contracts.
- Monitor third-party compliance with security requirements.
- Leadership and Administration Duties
- Lead, supervise, mentor, and evaluate IT Security Officers and other assigned security personnel.
- Develop departmental work plans, budgets, and performance reports.
- Coordinate security projects and technology implementations.
- Promote continuous improvement in information security practices.
- Collaborate with Infrastructure, Application Support, Internal Audit, Risk Management, and other departments to strengthen organizational security.
- Other Duties as Required
- Participate in accreditation, quality improvement, digital transformation, and governance initiatives.
- Support investigations involving information security or cyber-related incidents.
- Perform other duties assigned by the Head of Information Technology (IT Manager).