Cybersecurity specialist

Important Note:

The employer for this vacancy will be the Ministry of Health of Uzbekistan and the selected candidate is expected to work on the Ministry premises.

Responsibilities:

The scope of the services required from Cybersecurity specialist will include:

• Cybersecurity strategy and implementation:
  1. Develop and implement comprehensive cybersecurity strategies to protect the integrity and confidentiality of DHMU's digital systems and data, aligning with relevant national and international standards.
  2. Regularly review and update cybersecurity strategies to address emerging threats and evolving regulatory requirements.
• Risk assessment and management:
  1. Conduct regular risk assessments to identify potential vulnerabilities and threats to DHMU’s IT infrastructure and data assets.
  2. Develop risk management plans that prioritize remediation efforts based on the severity of identified risks.
  3. Continuously monitor and reassess the cybersecurity posture to ensure that risk mitigation strategies are effective.
• Security controls and measures:
  1. Implement appropriate security measures, such as firewalls, intrusion detection systems, antivirus software, intrusion prevention systems, data loss prevention, and access controls, to mitigate identified risks.
  2. Perform regular testing and evaluation of security controls to ensure they are functioning effectively.
  3. Coordinate with IT teams to ensure system updates, patches, and vulnerability scans are conducted regularly to prevent potential exploits.
• Cybersecurity policies and procedures:
  1. Develop and enforce cybersecurity policies and procedures to ensure compliance with relevant regulations and industry best practices (e.g., NIST Cybersecurity Framework, ISO 27001).
  2. Conduct regular audits and reviews of cybersecurity policies to ensure continued relevance and effectiveness.
  3. Collaborate with legal and compliance teams to align cybersecurity policies with national healthcare regulations and data protection laws.
• Threat monitoring and incident response:
  1. Monitor IT systems and networks for suspicious activity, promptly investigating and responding to security incidents and breaches.
  2. Implement incident response plans to effectively contain and mitigate the impact of security breaches.
  3. Establish post-incident analysis processes to identify root causes and update security measures accordingly.
• Security awareness training:
  1. Conduct security awareness training for DHMU staff to promote a culture of cybersecurity and empower employees to identify and report potential threats.
  2. Develop customized training programs based on specific roles within DHMU, ensuring that staff are aware of their unique cybersecurity responsibilities.
  3. Regularly update training content to reflect new threats, tools, and best practices in cybersecurity.
• Emerging threat management:
  1. Stay up-to-date on emerging cybersecurity threats and vulnerabilities, continuously adapting security measures to address evolving risks.
  2. Participate in cybersecurity forums and collaborations with industry peers to share knowledge on the latest threats and mitigation strategies.
  3. Engage with cybersecurity solution providers to explore and implement new technologies that enhance DHMU's security posture.

The successful offeror shall meet the following minimum qualification criteria. Not meeting these criteria automatically leads to disqualification from the recruitment process:

• Master's degree in relevant field.
• Proficiency in Uzbek and English.
• Minimum of 5 years of experience in relevant field.

EVALUATION CRITERIA:

General qualification:

• Master's degree in Cybersecurity, Information Technology, Computer Science, or a related field (holding additional professional education or advanced training programs in relevant fields is beneficial).
• Years of experience in cybersecurity, information security, or a related field.
• Knowledge of relevant cybersecurity regulations and compliance requirements within the healthcare sector.
• Relevant cybersecurity certifications (e.g., CISSP, CISM, Security+, CEH, OSCP) are highly desirable.

Other experience:

• Strong understanding of cybersecurity principles, threats, vulnerabilities, and risk management methodologies.
• Experience in implementing and managing security solutions, such as firewalls, intrusion detection systems, and access controls.

Other skills:

• Proven ability to identify, analyze, and respond to security incidents and breaches effectively.
• Excellent analytical and problem-solving skills to assess risks and develop appropriate mitigation strategies.
• Strong communication and interpersonal skills to effectively collaborate with stakeholders and promote cybersecurity awareness.
• Ability to work independently and as part of a team, demonstrating initiative and a commitment to maintaining a secure digital environment.